82dffd73e3dbbd3f3333aa68fff3d8b1ac02090f79cd8fd46663515321507291 | Triage

Resubmissions

04/01/2023, 21:52

230104-1q6ljadc4y 7

04/01/2023, 21:47

230104-1na2vadc31 7

04/01/2023, 21:43

230104-1k8hyadc3v 7

04/01/2023, 21:40

230104-1h6xbshg59 7

Sharing

General

Target

Diavlo v2.exe
Size

37.6MB
Sample

230104-1q6ljadc4y
MD5

f546ad3c58cf8067f72ab2cc7ab07997
SHA1

35a8ea8434ea2eda229b10a8266833cbd1227be5
SHA256

82dffd73e3dbbd3f3333aa68fff3d8b1ac02090f79cd8fd46663515321507291
SHA512

bf41d5c68f6c0875dbdd2100dd50367440e7172e698f2622f9a9aca8a08c9ca388ca863f0ff3a8b10197673f524aa25818ad21469e8016fb6ba126861da82dd4
SSDEEP

393216:uT+UwRM9dM/ISGL2Vmd6ml/m3p5c/eEJ4PV4aU55RdG1xSNiQ:/qT6ISGyVmdXK5uh4PqrG14NiQ

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  Diavlo v2.exe
- Size
  
  37.6MB
- MD5
  
  f546ad3c58cf8067f72ab2cc7ab07997
- SHA1
  
  35a8ea8434ea2eda229b10a8266833cbd1227be5
- SHA256
  
  82dffd73e3dbbd3f3333aa68fff3d8b1ac02090f79cd8fd46663515321507291
- SHA512
  
  bf41d5c68f6c0875dbdd2100dd50367440e7172e698f2622f9a9aca8a08c9ca388ca863f0ff3a8b10197673f524aa25818ad21469e8016fb6ba126861da82dd4
- SSDEEP
  
  393216:uT+UwRM9dM/ISGL2Vmd6ml/m3p5c/eEJ4PV4aU55RdG1xSNiQ:/qT6ISGyVmdXK5uh4PqrG14NiQ
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2