48dcbd066ffc717764d933a89fce96df6349c8d48ca468786e63d0756d125276 | Triage

Resubmissions

21/03/2023, 17:51

230321-we93csec6z 8

21/03/2023, 17:48

230321-wdsfxsec6t 7

Sharing

Copy URL Twitter E-mail

General

Target

CustomRP.1.17.4.exe
Size

4.9MB
Sample

230321-we93csec6z
MD5

ae1ad9f6c51d64a7492c01cd8bea6a92
SHA1

b10a23ac32184f0d263a6dc352e9a6e6b20efd35
SHA256

48dcbd066ffc717764d933a89fce96df6349c8d48ca468786e63d0756d125276
SHA512

843bd4184bd20cd582850dbbb73cda145ac4ac48b7e244e6afe2aa5f4e2ee88eecd49a662d870a46e2c64388d3734153bd90526bb5f6a8e338dd36e57936c682
SSDEEP

98304:AkLmuw4U/ddEriFeQpTnPLTL8Set4GeoupbtK301cCBi:fmjT4riFeQpTnP/LCfeoupbY3ZCBi

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  CustomRP.1.17.4.exe
- Size
  
  4.9MB
- MD5
  
  ae1ad9f6c51d64a7492c01cd8bea6a92
- SHA1
  
  b10a23ac32184f0d263a6dc352e9a6e6b20efd35
- SHA256
  
  48dcbd066ffc717764d933a89fce96df6349c8d48ca468786e63d0756d125276
- SHA512
  
  843bd4184bd20cd582850dbbb73cda145ac4ac48b7e244e6afe2aa5f4e2ee88eecd49a662d870a46e2c64388d3734153bd90526bb5f6a8e338dd36e57936c682
- SSDEEP
  
  98304:AkLmuw4U/ddEriFeQpTnPLTL8Set4GeoupbtK301cCBi:fmjT4riFeQpTnP/LCfeoupbY3ZCBi
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1