a2fa2b28857ae40da56ab36e270df2c47d4591ac7f9d81e7a14583a745085942 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2fa2b28857ae40da56ab36e270df2c47d4591ac7f9d81e7a14583a745085942
Size

721KB
Sample

220919-wk7t7abea8
MD5

7d0bad94562368aa38c2c30ac906c2d2
SHA1

6341af09be233487048d261fa7a6d69e69819d9c
SHA256

a2fa2b28857ae40da56ab36e270df2c47d4591ac7f9d81e7a14583a745085942
SHA512

c438fa789da6166d1c673a2a415757f3c3496deefbec6552c5a5fb88c4ab31cff0e195438e60a801222e051b10a2ded0a617fb881304f4ffaf73f2d6a61b5790
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a2fa2b28857ae40da56ab36e270df2c47d4591ac7f9d81e7a14583a745085942
- Size
  
  721KB
- MD5
  
  7d0bad94562368aa38c2c30ac906c2d2
- SHA1
  
  6341af09be233487048d261fa7a6d69e69819d9c
- SHA256
  
  a2fa2b28857ae40da56ab36e270df2c47d4591ac7f9d81e7a14583a745085942
- SHA512
  
  c438fa789da6166d1c673a2a415757f3c3496deefbec6552c5a5fb88c4ab31cff0e195438e60a801222e051b10a2ded0a617fb881304f4ffaf73f2d6a61b5790
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1