2c58667a3b9176fdbf768cfee27f4b6bdff8785f6f28456d79c780d2a4cc2448 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c58667a3b9176fdbf768cfee27f4b6bdff8785f6f28456d79c780d2a4cc2448
Size

2.5MB
Sample

221017-edy52aafgr
MD5

68e6074125a3cc724d9393cd98095475
SHA1

02e7d3a791413a9cf30104f38366e591a2b76148
SHA256

2c58667a3b9176fdbf768cfee27f4b6bdff8785f6f28456d79c780d2a4cc2448
SHA512

ad28bd8490156f4e2cafb3158ff910094dbf7e06cdad7b146a9bba3666fabaf210e5e169ab73b92119b2f56613fb9bc24bc54e88f7ad561c88a1dc72e96bd4d0
SSDEEP

24576:woTeEqAgbv+zwJEYLQjggOYNYNk6qM4BMYNT6wdwScagc9Irkz6U+1gLkAAl3RuW:DiXLvXJrUjgaBRvIYz6U+1godl3

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2c58667a3b9176fdbf768cfee27f4b6bdff8785f6f28456d79c780d2a4cc2448
- Size
  
  2.5MB
- MD5
  
  68e6074125a3cc724d9393cd98095475
- SHA1
  
  02e7d3a791413a9cf30104f38366e591a2b76148
- SHA256
  
  2c58667a3b9176fdbf768cfee27f4b6bdff8785f6f28456d79c780d2a4cc2448
- SHA512
  
  ad28bd8490156f4e2cafb3158ff910094dbf7e06cdad7b146a9bba3666fabaf210e5e169ab73b92119b2f56613fb9bc24bc54e88f7ad561c88a1dc72e96bd4d0
- SSDEEP
  
  24576:woTeEqAgbv+zwJEYLQjggOYNYNk6qM4BMYNT6wdwScagc9Irkz6U+1gLkAAl3RuW:DiXLvXJrUjgaBRvIYz6U+1godl3
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2