87ff96f10899a373d9a9bcdef9717e05e4b3b68a9e6efd462893df22883ce73e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87ff96f10899a373d9a9bcdef9717e05e4b3b68a9e6efd462893df22883ce73e
Size

714KB
Sample

220910-gk2wlshfe2
MD5

6afdf80ed217d5c52d0373f374633549
SHA1

38aa5476e2f3b091411145b733db7e3c829afb3c
SHA256

87ff96f10899a373d9a9bcdef9717e05e4b3b68a9e6efd462893df22883ce73e
SHA512

33a842502a1e2be3bc6c3da330c8850869f2edf84d1c86a2de211eb881122fef22b65519866d7875278fd7e7b654012767c276453d05706caf6366e713e33727
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  87ff96f10899a373d9a9bcdef9717e05e4b3b68a9e6efd462893df22883ce73e
- Size
  
  714KB
- MD5
  
  6afdf80ed217d5c52d0373f374633549
- SHA1
  
  38aa5476e2f3b091411145b733db7e3c829afb3c
- SHA256
  
  87ff96f10899a373d9a9bcdef9717e05e4b3b68a9e6efd462893df22883ce73e
- SHA512
  
  33a842502a1e2be3bc6c3da330c8850869f2edf84d1c86a2de211eb881122fef22b65519866d7875278fd7e7b654012767c276453d05706caf6366e713e33727
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1