568b8c4eef6f817dea01f02d4d59e38cb46e0a97482d8136ddb48617c33b4f14 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

568b8c4eef6f817dea01f02d4d59e38cb46e0a97482d8136ddb48617c33b4f14
Size

80KB
Sample

221203-cazahsea64
MD5

9cf9b39d0ec5fd5a4ad5bae5ef22a3b6
SHA1

91c438fdd226e28b6ec7eac48cc392d031874ee3
SHA256

568b8c4eef6f817dea01f02d4d59e38cb46e0a97482d8136ddb48617c33b4f14
SHA512

4c32f56764c1524c548bfa49e45d89e1aba1a315431e9ea57067af0d13254c0c5d6e62c63cdd0a80f9da156a0aae78f7f6dee728ead97c40d74cfdda7e62bab1
SSDEEP

1536:ykDro9Ash6VQZtlRtQlQ7pYw/zQymCJVVBZ9SZztEJe+9N+KZupBaY153u9Kwrpp:JDvsEU8lGpD/NZBZ9a3uN+zvx3YKC

Score

8^/10

Malware Config

Targets

- Target
  
  PHOTO-GOLAYA.exe
- Size
  
  180KB
- MD5
  
  69a9db2003415946eb1185c9ab4d6ca4
- SHA1
  
  a4e84147d24c578a9a0ac9b4b08815d45cf035c1
- SHA256
  
  39f420b486362ecca29eb4c068e665c2bd126f6f526049c26491539d1135582f
- SHA512
  
  2ddd0734c50bf4ecb5be23127e1354d641d78c49d4f20c703ef36621db6af9c1dcc2447f3d04527ea9fe56cdaf425c651b932139faed62537ceee3b662c14ad8
- SSDEEP
  
  3072:oBAp5XhKpN4eOyVTGfhEClj8jTk+0hN7+mYnhIAhyYwYs:fbXE9OiTGfhEClq9s+mYnhIAhyT
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2