49b030839d846cda6d04cbaa982a5a17f062c2f041f5a74f3b7a38d7c33dfaec | Triage

Sharing

General

Target

49b030839d846cda6d04cbaa982a5a17f062c2f041f5a74f3b7a38d7c33dfaec
Size

203KB
Sample

221107-tmxe5ahdfk
MD5

0ebbf3f5d0d9819fd918db884f1ff000
SHA1

952c0058d5b2ebc2be654b5b5657dad5ecc73ae4
SHA256

49b030839d846cda6d04cbaa982a5a17f062c2f041f5a74f3b7a38d7c33dfaec
SHA512

6761d9e494f99483a951fd011032cf509aaa30aea65a2cd3a3ccc6830a0d8214e84117f5fbe48ca17da7fd1d7b0648fb8449747cea68629ccd2bc95b81279c2c
SSDEEP

1536:0XHQpkJ48z6MJMoy+B7Dx7/xbxSm7YBzoqH5rn+I2iURGgSvrIqGLzLqvI5GcA7P:wwpkJ4Cy+xx/xbkmqH5r+IDQ+Qfu

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  49b030839d846cda6d04cbaa982a5a17f062c2f041f5a74f3b7a38d7c33dfaec
- Size
  
  203KB
- MD5
  
  0ebbf3f5d0d9819fd918db884f1ff000
- SHA1
  
  952c0058d5b2ebc2be654b5b5657dad5ecc73ae4
- SHA256
  
  49b030839d846cda6d04cbaa982a5a17f062c2f041f5a74f3b7a38d7c33dfaec
- SHA512
  
  6761d9e494f99483a951fd011032cf509aaa30aea65a2cd3a3ccc6830a0d8214e84117f5fbe48ca17da7fd1d7b0648fb8449747cea68629ccd2bc95b81279c2c
- SSDEEP
  
  1536:0XHQpkJ48z6MJMoy+B7Dx7/xbxSm7YBzoqH5rn+I2iURGgSvrIqGLzLqvI5GcA7P:wwpkJ4Cy+xx/xbkmqH5r+IDQ+Qfu
Score

8^/10

discovery persistence
- Contacts a large (1340) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence