f23afb4c2ab8bf7c9277e0dbf6b28a1c83fc49ec653e3311d9f56c875291c477 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f23afb4c2ab8bf7c9277e0dbf6b28a1c83fc49ec653e3311d9f56c875291c477
Size

721KB
Sample

220919-pv9cfahbg6
MD5

beba0a2566732822c9c1327d62de2958
SHA1

344008be6c90122a291418044851b89fc1f9ccac
SHA256

f23afb4c2ab8bf7c9277e0dbf6b28a1c83fc49ec653e3311d9f56c875291c477
SHA512

0b0da6891aab81b9b07f307498777e00811daa3914252f9aa9d499b7eeaa9c7e1fc55facac75f13fc492c116d0dafde955d6673b81bd12c394d6e8201ddd5583
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f23afb4c2ab8bf7c9277e0dbf6b28a1c83fc49ec653e3311d9f56c875291c477
- Size
  
  721KB
- MD5
  
  beba0a2566732822c9c1327d62de2958
- SHA1
  
  344008be6c90122a291418044851b89fc1f9ccac
- SHA256
  
  f23afb4c2ab8bf7c9277e0dbf6b28a1c83fc49ec653e3311d9f56c875291c477
- SHA512
  
  0b0da6891aab81b9b07f307498777e00811daa3914252f9aa9d499b7eeaa9c7e1fc55facac75f13fc492c116d0dafde955d6673b81bd12c394d6e8201ddd5583
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1