4b0585028d93592b709c6dc46faa70ce51b61ee72a0e4ec77978039a1d5bfad1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b0585028d93592b709c6dc46faa70ce51b61ee72a0e4ec77978039a1d5bfad1
Size

733KB
Sample

221010-ayvwwsabh7
MD5

9f1871a5e67b6036e39d4199d02c07af
SHA1

7eb2c3c2a23d8496619651cb818bd7cea43f99c9
SHA256

4b0585028d93592b709c6dc46faa70ce51b61ee72a0e4ec77978039a1d5bfad1
SHA512

6cb30692dbf27aca36640ffeb7f1084deab355b3a3846d98a99dd854c26a2b3596a219be425e8cfea078084c0d8a3afa15913f873145c8042399476a0c37abcc
SSDEEP

768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4b0585028d93592b709c6dc46faa70ce51b61ee72a0e4ec77978039a1d5bfad1
- Size
  
  733KB
- MD5
  
  9f1871a5e67b6036e39d4199d02c07af
- SHA1
  
  7eb2c3c2a23d8496619651cb818bd7cea43f99c9
- SHA256
  
  4b0585028d93592b709c6dc46faa70ce51b61ee72a0e4ec77978039a1d5bfad1
- SHA512
  
  6cb30692dbf27aca36640ffeb7f1084deab355b3a3846d98a99dd854c26a2b3596a219be425e8cfea078084c0d8a3afa15913f873145c8042399476a0c37abcc
- SSDEEP
  
  768:rZmchlXKGREW6VA6joSRhFH+C9Pe2auEqainmngYWxuv8Gwmwoe9R4ZstojtfcWv:schl6M+lpDCUoHid0bIrlyR
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1