654310ad703fc62b0914ba373e26bc24712126185ea58a1a3a64c7366a3ccffb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

654310ad703fc62b0914ba373e26bc24712126185ea58a1a3a64c7366a3ccffb
Size

733KB
Sample

221009-ey3c7agdbm
MD5

9ff5dca97d8d2a73c27f8fc68f2cd21f
SHA1

512a9463f700da63b4478072fad0b04e49ee3ed2
SHA256

654310ad703fc62b0914ba373e26bc24712126185ea58a1a3a64c7366a3ccffb
SHA512

d6c72d5e41689d780bb79e1ca8f7644ae3feff9ce0c0806d526d12d960c2d07a21bd1af927fd796f68c79990f5e957bc0251b32c89979f36e2d474826a903ffc
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  654310ad703fc62b0914ba373e26bc24712126185ea58a1a3a64c7366a3ccffb
- Size
  
  733KB
- MD5
  
  9ff5dca97d8d2a73c27f8fc68f2cd21f
- SHA1
  
  512a9463f700da63b4478072fad0b04e49ee3ed2
- SHA256
  
  654310ad703fc62b0914ba373e26bc24712126185ea58a1a3a64c7366a3ccffb
- SHA512
  
  d6c72d5e41689d780bb79e1ca8f7644ae3feff9ce0c0806d526d12d960c2d07a21bd1af927fd796f68c79990f5e957bc0251b32c89979f36e2d474826a903ffc
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1