8e83b4c798ca9e24e6b33ff30817a4bd2703bad34701f220f9b5f5e730fedcd9 | Triage

Resubmissions

10/01/2023, 00:56

230110-batjlabg9z 10

10/01/2023, 00:50

230110-a6w4xsbg8x 10

09/01/2023, 22:18

230109-172nxabd8y 8

Sharing

General

Target

8e83b4c798ca9e24e6b33ff30817a4bd2703bad34701f220f9b5f5e730fedcd9
Size

1.0MB
Sample

230109-172nxabd8y
MD5

dd30580c68a1fe179b2c1fed353b2ecb
SHA1

a6d06a2904cafe55f4832337dcb2a5cc563ca456
SHA256

8e83b4c798ca9e24e6b33ff30817a4bd2703bad34701f220f9b5f5e730fedcd9
SHA512

5b54a3f73c9e8fb3d9eff6ee579475c05724c5af703fa917438899857abeb730bea50f50752be4c10f12042c380d9a57d98ef9ef6b16658b39a950ff9b43a211
SSDEEP

24576:uurEZ30cjU8lSp/jh+Nc3VLn5W32gftwUys5NV:c0Olu/jwNcO9twH+

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8e83b4c798ca9e24e6b33ff30817a4bd2703bad34701f220f9b5f5e730fedcd9
- Size
  
  1.0MB
- MD5
  
  dd30580c68a1fe179b2c1fed353b2ecb
- SHA1
  
  a6d06a2904cafe55f4832337dcb2a5cc563ca456
- SHA256
  
  8e83b4c798ca9e24e6b33ff30817a4bd2703bad34701f220f9b5f5e730fedcd9
- SHA512
  
  5b54a3f73c9e8fb3d9eff6ee579475c05724c5af703fa917438899857abeb730bea50f50752be4c10f12042c380d9a57d98ef9ef6b16658b39a950ff9b43a211
- SSDEEP
  
  24576:uurEZ30cjU8lSp/jh+Nc3VLn5W32gftwUys5NV:c0Olu/jwNcO9twH+
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2