f80fb68e43d64a69a23431326bd80179f0f3631962ab9ecc8ebb0e0354d105c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f80fb68e43d64a69a23431326bd80179f0f3631962ab9ecc8ebb0e0354d105c7
Size

62KB
Sample

230308-ekjc6adh63
MD5

f99422c66a010e0d293cc62ea636560c
SHA1

195f2ce63f7d4aaf62d62fa85de027df10c28e7b
SHA256

f80fb68e43d64a69a23431326bd80179f0f3631962ab9ecc8ebb0e0354d105c7
SHA512

8f44b6b4893a1f35ccf1aa15411dbd7720d22b39e43576f71538e34fc21b1b866fa083940865bc541f5e6851332f0e929070bf3dd31ff68f4c19fc8a24dc3fef
SSDEEP

768:cDVW5uhmv9//zzggwyx9rIrQwJYGMbAJAmQvmbAOjPQZIuySRAN:mks89DzKyrzwDMbAqbmMOjPE7m

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f80fb68e43d64a69a23431326bd80179f0f3631962ab9ecc8ebb0e0354d105c7
- Size
  
  62KB
- MD5
  
  f99422c66a010e0d293cc62ea636560c
- SHA1
  
  195f2ce63f7d4aaf62d62fa85de027df10c28e7b
- SHA256
  
  f80fb68e43d64a69a23431326bd80179f0f3631962ab9ecc8ebb0e0354d105c7
- SHA512
  
  8f44b6b4893a1f35ccf1aa15411dbd7720d22b39e43576f71538e34fc21b1b866fa083940865bc541f5e6851332f0e929070bf3dd31ff68f4c19fc8a24dc3fef
- SSDEEP
  
  768:cDVW5uhmv9//zzggwyx9rIrQwJYGMbAJAmQvmbAOjPQZIuySRAN:mks89DzKyrzwDMbAqbmMOjPE7m
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2