37fd86fa51331f73653b36781bc3aa49ee4a274ab7e95a7b8a9a4baebf7482d7 | Triage

Sharing

General

Target

37fd86fa51331f73653b36781bc3aa49ee4a274ab7e95a7b8a9a4baebf7482d7
Size

716KB
Sample

220912-xgakyshfel
MD5

55b58a200828514b383fdf4ba2b04397
SHA1

0df428af82fedc30cb37ee41ec01abfb8211bb77
SHA256

37fd86fa51331f73653b36781bc3aa49ee4a274ab7e95a7b8a9a4baebf7482d7
SHA512

fd1e958336b0d91c7ab1ed910d14b178f4206597fd95849bdc7dbdfac513e3281516b848dfac3ffe62a1c78de076ab9fbb546822a363e837887d5b37f2ff968f
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  37fd86fa51331f73653b36781bc3aa49ee4a274ab7e95a7b8a9a4baebf7482d7
- Size
  
  716KB
- MD5
  
  55b58a200828514b383fdf4ba2b04397
- SHA1
  
  0df428af82fedc30cb37ee41ec01abfb8211bb77
- SHA256
  
  37fd86fa51331f73653b36781bc3aa49ee4a274ab7e95a7b8a9a4baebf7482d7
- SHA512
  
  fd1e958336b0d91c7ab1ed910d14b178f4206597fd95849bdc7dbdfac513e3281516b848dfac3ffe62a1c78de076ab9fbb546822a363e837887d5b37f2ff968f
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1