f8486921fa958ae7a271577bbbd65a27f51a1e527db82caea9b5eab07b939812 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8486921fa958ae7a271577bbbd65a27f51a1e527db82caea9b5eab07b939812
Size

722KB
Sample

220920-sv8bxsdee9
MD5

1e5481bf1a6c120e6fe7650f779a6bf3
SHA1

11ba3266bde2b517aa27f9a6d1755e9b87783efb
SHA256

f8486921fa958ae7a271577bbbd65a27f51a1e527db82caea9b5eab07b939812
SHA512

8064e372221682c5b6db156e79002cb264a8811d8f9d4b4bd477fc7e0b6be67329c075f9f35edbef37f32e43f9ad876ce2b6d6e7a7cc17dfde2981eba893b1c2
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f8486921fa958ae7a271577bbbd65a27f51a1e527db82caea9b5eab07b939812
- Size
  
  722KB
- MD5
  
  1e5481bf1a6c120e6fe7650f779a6bf3
- SHA1
  
  11ba3266bde2b517aa27f9a6d1755e9b87783efb
- SHA256
  
  f8486921fa958ae7a271577bbbd65a27f51a1e527db82caea9b5eab07b939812
- SHA512
  
  8064e372221682c5b6db156e79002cb264a8811d8f9d4b4bd477fc7e0b6be67329c075f9f35edbef37f32e43f9ad876ce2b6d6e7a7cc17dfde2981eba893b1c2
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1