d59f176c2d6ffba8a6130db7b5d67f5b0b05615a4987e76db8a081902c67b6f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d59f176c2d6ffba8a6130db7b5d67f5b0b05615a4987e76db8a081902c67b6f6
Size

361KB
Sample

221121-ry56ashd4w
MD5

28438b52172ec74bcc1bde2f8f2ed060
SHA1

90db81e528d6307613eadc4f0c56d410b4cc3ab6
SHA256

d59f176c2d6ffba8a6130db7b5d67f5b0b05615a4987e76db8a081902c67b6f6
SHA512

98fecfaf25d9f4f2e447f85318a02d20d5fb4f244b0e30edd6f2a4723a496c5b72129a2c22dc33b467b3a964a019dddfa2b90a7a0054c244c49650fc619d08a9
SSDEEP

6144:4flfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:4flfAsiVGjSGecvX

Score

10^/10

Malware Config

Targets

- Target
  
  d59f176c2d6ffba8a6130db7b5d67f5b0b05615a4987e76db8a081902c67b6f6
- Size
  
  361KB
- MD5
  
  28438b52172ec74bcc1bde2f8f2ed060
- SHA1
  
  90db81e528d6307613eadc4f0c56d410b4cc3ab6
- SHA256
  
  d59f176c2d6ffba8a6130db7b5d67f5b0b05615a4987e76db8a081902c67b6f6
- SHA512
  
  98fecfaf25d9f4f2e447f85318a02d20d5fb4f244b0e30edd6f2a4723a496c5b72129a2c22dc33b467b3a964a019dddfa2b90a7a0054c244c49650fc619d08a9
- SSDEEP
  
  6144:4flfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:4flfAsiVGjSGecvX
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2