8beea44520f307488f94d04241245ac943e2013f165308bac4277efae326c060 | Triage

Sharing

General

Target

1b1bae0b503d1aa9d659db31ed2cd208.exe
Size

401KB
Sample

221220-3jvlssed7x
MD5

1b1bae0b503d1aa9d659db31ed2cd208
SHA1

a0a740dabdb48f1ec5665f9ee6026734e5d6d044
SHA256

8beea44520f307488f94d04241245ac943e2013f165308bac4277efae326c060
SHA512

e960612d89779f9d80eb683a7f89acf43116131adab7044b9f2bd66b613afd1e8e83dc26a76424875b6f281265d93d17f63e8d288346e613658a386552c10d06
SSDEEP

6144:YKdKe+GXmr07DPIE5e20BnJSpY2vGo/WEVSMofYZzPtWMIvA1h7OHpjo9KK:YOkFr07d5e5gVLVPtW/Y1h7mp

Score

8^/10

Malware Config

Targets

- Target
  
  1b1bae0b503d1aa9d659db31ed2cd208.exe
- Size
  
  401KB
- MD5
  
  1b1bae0b503d1aa9d659db31ed2cd208
- SHA1
  
  a0a740dabdb48f1ec5665f9ee6026734e5d6d044
- SHA256
  
  8beea44520f307488f94d04241245ac943e2013f165308bac4277efae326c060
- SHA512
  
  e960612d89779f9d80eb683a7f89acf43116131adab7044b9f2bd66b613afd1e8e83dc26a76424875b6f281265d93d17f63e8d288346e613658a386552c10d06
- SSDEEP
  
  6144:YKdKe+GXmr07DPIE5e20BnJSpY2vGo/WEVSMofYZzPtWMIvA1h7OHpjo9KK:YOkFr07d5e5gVLVPtW/Y1h7mp
Score

8^/10
- Downloads MZ/PE file
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2