General

  • Target

    519a4655f121a0d225c90544bb38a01efdaf51e00dc3b42ed88254169de50c2a

  • Size

    187KB

  • Sample

    221124-x429gsha3t

  • MD5

    5ebe8380dfc5f8943ccaf7b213325f35

  • SHA1

    7928df89a5e15b177330d02d2d814b91ab6ab155

  • SHA256

    519a4655f121a0d225c90544bb38a01efdaf51e00dc3b42ed88254169de50c2a

  • SHA512

    9f03e856d3fdf1e32a454038363cadb2d6128ec6b0fe2a9f81f442121518a03e0a7ad0509e506803095bc7efa965e780c9b49ec15a14c3cf84df3f6dc731a663

Score
8/10

Malware Config

Targets

    • Target

      519a4655f121a0d225c90544bb38a01efdaf51e00dc3b42ed88254169de50c2a

    Score

    8/10

    Signatures

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation