b20bd49202d7011b59ffcb83ab25e30d25838f0017f0257ac3e32fbe0a28e6bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b20bd49202d7011b59ffcb83ab25e30d25838f0017f0257ac3e32fbe0a28e6bd
Size

138KB
Sample

221125-zzwl9aab4x
MD5

f59b6e4aa4ab4fb392918f3975885d0e
SHA1

cfee4c64c4728254aa1e2ffff2263bd9c25e4f66
SHA256

b20bd49202d7011b59ffcb83ab25e30d25838f0017f0257ac3e32fbe0a28e6bd
SHA512

17aa6a3f53d6d111512b0dd6d8b4ef1b9205e99029e87229d97dbac46cb04e6247cea61e61c4fc61dd626021cd34227db18d51fa539164c8c9a0ef97aedeaff9
SSDEEP

3072:Mydp70Kw0Kgp+33pDmaO+0PDGSXU3HvGG:TdN0sgmnPUXvGG

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b20bd49202d7011b59ffcb83ab25e30d25838f0017f0257ac3e32fbe0a28e6bd
- Size
  
  138KB
- MD5
  
  f59b6e4aa4ab4fb392918f3975885d0e
- SHA1
  
  cfee4c64c4728254aa1e2ffff2263bd9c25e4f66
- SHA256
  
  b20bd49202d7011b59ffcb83ab25e30d25838f0017f0257ac3e32fbe0a28e6bd
- SHA512
  
  17aa6a3f53d6d111512b0dd6d8b4ef1b9205e99029e87229d97dbac46cb04e6247cea61e61c4fc61dd626021cd34227db18d51fa539164c8c9a0ef97aedeaff9
- SSDEEP
  
  3072:Mydp70Kw0Kgp+33pDmaO+0PDGSXU3HvGG:TdN0sgmnPUXvGG
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2