01447ba31ea73fc317cc9d03c841ea413e970caa8da70fd1f0845615b99fb55f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01447ba31ea73fc317cc9d03c841ea413e970caa8da70fd1f0845615b99fb55f
Size

719KB
Sample

220917-ft2frshbe6
MD5

5cd56af7ffda75fd775c2e0cf8b6fb83
SHA1

a4884bdd2ad4057ce2e28c6de2fc5630869f83fd
SHA256

01447ba31ea73fc317cc9d03c841ea413e970caa8da70fd1f0845615b99fb55f
SHA512

f6b23ca55efb810af7706808af9535450c9a18e391c9c45d5c50a184543cda79a37e7c34c64d5b19c09b4771b6dfd52eabb2efa4806dd1bb19a5fc890e45f43f
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  01447ba31ea73fc317cc9d03c841ea413e970caa8da70fd1f0845615b99fb55f
- Size
  
  719KB
- MD5
  
  5cd56af7ffda75fd775c2e0cf8b6fb83
- SHA1
  
  a4884bdd2ad4057ce2e28c6de2fc5630869f83fd
- SHA256
  
  01447ba31ea73fc317cc9d03c841ea413e970caa8da70fd1f0845615b99fb55f
- SHA512
  
  f6b23ca55efb810af7706808af9535450c9a18e391c9c45d5c50a184543cda79a37e7c34c64d5b19c09b4771b6dfd52eabb2efa4806dd1bb19a5fc890e45f43f
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1