eafd7018d60c1cfc1ea416b3b80184b67739859b9a7b343004b33eec93800086 | Triage

Sharing

General

Target

eafd7018d60c1cfc1ea416b3b80184b67739859b9a7b343004b33eec93800086
Size

750KB
Sample

230103-18zwpsgd4v
MD5

d61f393c8ab9111e57f6e89f6783eddc
SHA1

1a3e1236b567440fe96af26e9506e449b31aa4af
SHA256

eafd7018d60c1cfc1ea416b3b80184b67739859b9a7b343004b33eec93800086
SHA512

f770b52beac07e76fd16b9e1b2dd2c97c001e001524ac7c2af1be1b814b61ff9e7afa20f7c8c019869bc04200222a18f156de5ad7e7956012683681e9f58cc96
SSDEEP

12288:F/plFYoq77LJED1/LTeXGVFkzP9PjSLpaOoGg/ukIJCR824+yYjZS6IYb7oU:FRlFYoq77FED1/LTeXGVFkztsaf/7IJa

Score

8^/10

Malware Config

Targets

- Target
  
  eafd7018d60c1cfc1ea416b3b80184b67739859b9a7b343004b33eec93800086
- Size
  
  750KB
- MD5
  
  d61f393c8ab9111e57f6e89f6783eddc
- SHA1
  
  1a3e1236b567440fe96af26e9506e449b31aa4af
- SHA256
  
  eafd7018d60c1cfc1ea416b3b80184b67739859b9a7b343004b33eec93800086
- SHA512
  
  f770b52beac07e76fd16b9e1b2dd2c97c001e001524ac7c2af1be1b814b61ff9e7afa20f7c8c019869bc04200222a18f156de5ad7e7956012683681e9f58cc96
- SSDEEP
  
  12288:F/plFYoq77LJED1/LTeXGVFkzP9PjSLpaOoGg/ukIJCR824+yYjZS6IYb7oU:FRlFYoq77FED1/LTeXGVFkztsaf/7IJa
Score

8^/10
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2