6ba26b5ed8c54d1ccf21deb72b01c0f167259dcffcd94c09d064d1446ce33c3e | Triage

Sharing

General

Target

6ba26b5ed8c54d1ccf21deb72b01c0f167259dcffcd94c09d064d1446ce33c3e
Size

716KB
Sample

220912-t8j2xshder
MD5

375d2ebf9a10647a20b4bc72b2b8c6aa
SHA1

84fe95a0be60acde4f7c709fafb73865e882e9de
SHA256

6ba26b5ed8c54d1ccf21deb72b01c0f167259dcffcd94c09d064d1446ce33c3e
SHA512

28ed70ef6d6d7fab4c432d55f893dd0b4f29fa7bd25d1a98efab80d52a7ffb15ae7d59f68df4e17994cf9959b908eed4fa80adb85e7624979e4606f0f5b186d4
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6ba26b5ed8c54d1ccf21deb72b01c0f167259dcffcd94c09d064d1446ce33c3e
- Size
  
  716KB
- MD5
  
  375d2ebf9a10647a20b4bc72b2b8c6aa
- SHA1
  
  84fe95a0be60acde4f7c709fafb73865e882e9de
- SHA256
  
  6ba26b5ed8c54d1ccf21deb72b01c0f167259dcffcd94c09d064d1446ce33c3e
- SHA512
  
  28ed70ef6d6d7fab4c432d55f893dd0b4f29fa7bd25d1a98efab80d52a7ffb15ae7d59f68df4e17994cf9959b908eed4fa80adb85e7624979e4606f0f5b186d4
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1