dc6b80fea2aa23d4dcfe0a8ff31f8af66f3dbb58764e7ada2817322135863517 | Triage

Sharing

General

Target

dc6b80fea2aa23d4dcfe0a8ff31f8af66f3dbb58764e7ada2817322135863517
Size

732KB
Sample

221007-xcdrtaddak
MD5

aef94bb27510b5dfeb93997762bad915
SHA1

ce3e97a1f78329473e5d67228a4174c33f4522b3
SHA256

dc6b80fea2aa23d4dcfe0a8ff31f8af66f3dbb58764e7ada2817322135863517
SHA512

2ad3817c9994ff6e52c091e51784858a513dbe92948c8287424fb9afa4368277e51e6a1bf9ef117ebb5c801eb2a6269105c65dca070f72ee26ab8a611cfb90be
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  dc6b80fea2aa23d4dcfe0a8ff31f8af66f3dbb58764e7ada2817322135863517
- Size
  
  732KB
- MD5
  
  aef94bb27510b5dfeb93997762bad915
- SHA1
  
  ce3e97a1f78329473e5d67228a4174c33f4522b3
- SHA256
  
  dc6b80fea2aa23d4dcfe0a8ff31f8af66f3dbb58764e7ada2817322135863517
- SHA512
  
  2ad3817c9994ff6e52c091e51784858a513dbe92948c8287424fb9afa4368277e51e6a1bf9ef117ebb5c801eb2a6269105c65dca070f72ee26ab8a611cfb90be
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1