353a3109caa60d07ed0d742e2e7a1282158f602ab96f7df96206f8c9f141ce37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

353a3109caa60d07ed0d742e2e7a1282158f602ab96f7df96206f8c9f141ce37
Size

721KB
Sample

220920-gylrjsffgr
MD5

297a4f3b70f1fa7d46473b87ef30d0be
SHA1

93460887c9823fb222e81f0fff8fef0a48cd5181
SHA256

353a3109caa60d07ed0d742e2e7a1282158f602ab96f7df96206f8c9f141ce37
SHA512

2f90cf1a32ebacbbccd683735d96d3b29793fd56c6d501126565f4fb704728b2fdc57eeb44ae3f1dbe09b69380b2014355dbedd8958e4601c9a31e06b983207d
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  353a3109caa60d07ed0d742e2e7a1282158f602ab96f7df96206f8c9f141ce37
- Size
  
  721KB
- MD5
  
  297a4f3b70f1fa7d46473b87ef30d0be
- SHA1
  
  93460887c9823fb222e81f0fff8fef0a48cd5181
- SHA256
  
  353a3109caa60d07ed0d742e2e7a1282158f602ab96f7df96206f8c9f141ce37
- SHA512
  
  2f90cf1a32ebacbbccd683735d96d3b29793fd56c6d501126565f4fb704728b2fdc57eeb44ae3f1dbe09b69380b2014355dbedd8958e4601c9a31e06b983207d
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1