32c684e09c2a6230dea9b1c4ecd0645df376bd212a2a0878ec92769ed07837d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32c684e09c2a6230dea9b1c4ecd0645df376bd212a2a0878ec92769ed07837d5
Size

733KB
Sample

221009-d3jk7sgbh3
MD5

2c595124cfb7d9e96502634287bb200b
SHA1

300c5ee68dcc7c2b91a7c0894f038460809c8b9e
SHA256

32c684e09c2a6230dea9b1c4ecd0645df376bd212a2a0878ec92769ed07837d5
SHA512

435255badc39db3b43f1af7cdca1f2dfcc6381984ac27f317b59afdad07905ef65eb27f76a9083c244248e73051103882e0dbad48cacf452c65c6ea06681397b
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  32c684e09c2a6230dea9b1c4ecd0645df376bd212a2a0878ec92769ed07837d5
- Size
  
  733KB
- MD5
  
  2c595124cfb7d9e96502634287bb200b
- SHA1
  
  300c5ee68dcc7c2b91a7c0894f038460809c8b9e
- SHA256
  
  32c684e09c2a6230dea9b1c4ecd0645df376bd212a2a0878ec92769ed07837d5
- SHA512
  
  435255badc39db3b43f1af7cdca1f2dfcc6381984ac27f317b59afdad07905ef65eb27f76a9083c244248e73051103882e0dbad48cacf452c65c6ea06681397b
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1