16dd30bc3187e0027b35c468a4838a4db135ac28aed4d0e4eb5aeaa0530e7426 | Triage

Sharing

General

Target

16dd30bc3187e0027b35c468a4838a4db135ac28aed4d0e4eb5aeaa0530e7426
Size

282KB
Sample

221125-f5pakshb9t
MD5

572540a337ad063e789274532cbe9132
SHA1

1f36c5c0ce67f9fe9dd1cd716ab4e6058734955d
SHA256

16dd30bc3187e0027b35c468a4838a4db135ac28aed4d0e4eb5aeaa0530e7426
SHA512

24810cc3a63153a5839c2d7e1de4b9f9d51a8f19363482f8a716d34c5f6e21e11a54abf6e17935c0a06d92e82afc07a053c52416052f09fd5e5745fcf8d9abfa
SSDEEP

6144:62DRZVcMcpBrucMhrndQqAgKnef8AnA3n/LbFP1Z3s9B7txu8udmSr/:6cguRT1gRN1tsPBHSr

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  16dd30bc3187e0027b35c468a4838a4db135ac28aed4d0e4eb5aeaa0530e7426
- Size
  
  282KB
- MD5
  
  572540a337ad063e789274532cbe9132
- SHA1
  
  1f36c5c0ce67f9fe9dd1cd716ab4e6058734955d
- SHA256
  
  16dd30bc3187e0027b35c468a4838a4db135ac28aed4d0e4eb5aeaa0530e7426
- SHA512
  
  24810cc3a63153a5839c2d7e1de4b9f9d51a8f19363482f8a716d34c5f6e21e11a54abf6e17935c0a06d92e82afc07a053c52416052f09fd5e5745fcf8d9abfa
- SSDEEP
  
  6144:62DRZVcMcpBrucMhrndQqAgKnef8AnA3n/LbFP1Z3s9B7txu8udmSr/:6cguRT1gRN1tsPBHSr
Score

7^/10

persistence discovery
- Deletes itself
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence