bc78bb5de4ca44e40a969104f4ed44a2230d1eb67d83f16017dc2a19186e195c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc78bb5de4ca44e40a969104f4ed44a2230d1eb67d83f16017dc2a19186e195c
Size

720KB
Sample

220917-kddf8addcj
MD5

a5b1afc20cf58e185d84f128df231449
SHA1

ede2038c37055fe88b0cc910954cf6fc2358e436
SHA256

bc78bb5de4ca44e40a969104f4ed44a2230d1eb67d83f16017dc2a19186e195c
SHA512

2feba9e4e9d7387a9442287fb2561e61fd6928eb8b38d846d0a43207472332d7a9501d415f5a72250c5a2ac473a2cae83788f42c633361620fadbf5f9d7ee0ce
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bc78bb5de4ca44e40a969104f4ed44a2230d1eb67d83f16017dc2a19186e195c
- Size
  
  720KB
- MD5
  
  a5b1afc20cf58e185d84f128df231449
- SHA1
  
  ede2038c37055fe88b0cc910954cf6fc2358e436
- SHA256
  
  bc78bb5de4ca44e40a969104f4ed44a2230d1eb67d83f16017dc2a19186e195c
- SHA512
  
  2feba9e4e9d7387a9442287fb2561e61fd6928eb8b38d846d0a43207472332d7a9501d415f5a72250c5a2ac473a2cae83788f42c633361620fadbf5f9d7ee0ce
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1