54681506b41a12541f678c6bf1f1aece08da2d8fa7e42102ac1a6529c6f390ea | Triage

Sharing

General

Target

54681506b41a12541f678c6bf1f1aece08da2d8fa7e42102ac1a6529c6f390ea
Size

727KB
Sample

220928-mwrgxaffd7
MD5

32c00f1ca0b9a87b06fb9f4884e12695
SHA1

f8c230a86dcb9bb746365da742fe595524da401f
SHA256

54681506b41a12541f678c6bf1f1aece08da2d8fa7e42102ac1a6529c6f390ea
SHA512

e90bdb62609021e8700f13feae96abe764a1dba2ee508939ca52281bfc31ba408bfb4671c21fed8880864cf956dd2af26b91b283ccb99bda0dfc69335fac8ec6
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  54681506b41a12541f678c6bf1f1aece08da2d8fa7e42102ac1a6529c6f390ea
- Size
  
  727KB
- MD5
  
  32c00f1ca0b9a87b06fb9f4884e12695
- SHA1
  
  f8c230a86dcb9bb746365da742fe595524da401f
- SHA256
  
  54681506b41a12541f678c6bf1f1aece08da2d8fa7e42102ac1a6529c6f390ea
- SHA512
  
  e90bdb62609021e8700f13feae96abe764a1dba2ee508939ca52281bfc31ba408bfb4671c21fed8880864cf956dd2af26b91b283ccb99bda0dfc69335fac8ec6
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1