d4b7b43269e08ddc31ea532dcef2632c84113340c2f1a3c71812fe3c780803e7 | Triage

Sharing

General

Target

d4b7b43269e08ddc31ea532dcef2632c84113340c2f1a3c71812fe3c780803e7
Size

459KB
Sample

221127-mxhldsbd74
MD5

b1bf3a4df553c297adcbc9c220ad8a0d
SHA1

6061000684024411c52841c9a6bc60f60bdc009c
SHA256

d4b7b43269e08ddc31ea532dcef2632c84113340c2f1a3c71812fe3c780803e7
SHA512

ab3f4c217daaf97d4099ffebadfcfb9629af62be144952a507644d69de665898b7178882cedfe747cfbc8d680461ca1e9431868bc8194cea168b9b32dd7f7dc8
SSDEEP

12288:Ly+Bjodp8RvlKCR3jEbO7OsMZnWNmVF0R9QrFI7DV7lAr:e+BjodyQC9jxVMZnWNmgR+wDcr

Score

10^/10

evasion persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
**jamesbond..**

Targets

- Target
  
  d4b7b43269e08ddc31ea532dcef2632c84113340c2f1a3c71812fe3c780803e7
- Size
  
  459KB
- MD5
  
  b1bf3a4df553c297adcbc9c220ad8a0d
- SHA1
  
  6061000684024411c52841c9a6bc60f60bdc009c
- SHA256
  
  d4b7b43269e08ddc31ea532dcef2632c84113340c2f1a3c71812fe3c780803e7
- SHA512
  
  ab3f4c217daaf97d4099ffebadfcfb9629af62be144952a507644d69de665898b7178882cedfe747cfbc8d680461ca1e9431868bc8194cea168b9b32dd7f7dc8
- SSDEEP
  
  12288:Ly+Bjodp8RvlKCR3jEbO7OsMZnWNmVF0R9QrFI7DV7lAr:e+BjodyQC9jxVMZnWNmgR+wDcr
Score

10^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2