5f237d94002ec97e8f48e2c49131038e915f62f0eb5250341fe9b8bd2c747a48 | Triage

Sharing

General

Target

5f237d94002ec97e8f48e2c49131038e915f62f0eb5250341fe9b8bd2c747a48
Size

711KB
Sample

220907-cl9kmaaha3
MD5

bc3e9d621979ea8bef97aff7e05256ec
SHA1

d106154169403f5ab1c188f8d34b07ba77cee1c5
SHA256

5f237d94002ec97e8f48e2c49131038e915f62f0eb5250341fe9b8bd2c747a48
SHA512

e637cb7ab22d37b9934be71f3946e4b639885ec7aa383587ed2b23faa82b9716cb3918c5ea16a290a90bd9d555c0a7921de1fc5b521a0ebe5038183b8fc16089
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5f237d94002ec97e8f48e2c49131038e915f62f0eb5250341fe9b8bd2c747a48
- Size
  
  711KB
- MD5
  
  bc3e9d621979ea8bef97aff7e05256ec
- SHA1
  
  d106154169403f5ab1c188f8d34b07ba77cee1c5
- SHA256
  
  5f237d94002ec97e8f48e2c49131038e915f62f0eb5250341fe9b8bd2c747a48
- SHA512
  
  e637cb7ab22d37b9934be71f3946e4b639885ec7aa383587ed2b23faa82b9716cb3918c5ea16a290a90bd9d555c0a7921de1fc5b521a0ebe5038183b8fc16089
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1