8b38771673247886e4d51a2ce87f56d484bfd48c63a0f5c391fae96b0c25d5f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b38771673247886e4d51a2ce87f56d484bfd48c63a0f5c391fae96b0c25d5f5
Size

720KB
Sample

220918-nh98jafbaj
MD5

e4e599bea00f95b8ab53a94c56ef06b7
SHA1

ad169f99cd152faddf8f99e66b323aef2a0df9b1
SHA256

8b38771673247886e4d51a2ce87f56d484bfd48c63a0f5c391fae96b0c25d5f5
SHA512

b80579c4b961e3012a29e08efff29ef43140934656f40d260c31f8dfb40830e1e87e5900b0ddf55ed6cb9d4867688119054aa0f651109eee36276a3d5c99e986
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8b38771673247886e4d51a2ce87f56d484bfd48c63a0f5c391fae96b0c25d5f5
- Size
  
  720KB
- MD5
  
  e4e599bea00f95b8ab53a94c56ef06b7
- SHA1
  
  ad169f99cd152faddf8f99e66b323aef2a0df9b1
- SHA256
  
  8b38771673247886e4d51a2ce87f56d484bfd48c63a0f5c391fae96b0c25d5f5
- SHA512
  
  b80579c4b961e3012a29e08efff29ef43140934656f40d260c31f8dfb40830e1e87e5900b0ddf55ed6cb9d4867688119054aa0f651109eee36276a3d5c99e986
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1