a2d6df624cd6f04762ad201dd8bcbdfe8a30017b6e1f8954c8713d9ade59e687 | Triage

Resubmissions

09/05/2023, 17:42

230509-v925kafb2s 8

Sharing

Copy URL Twitter E-mail

General

Target

DOWN IN OHIO.MOV
Size

115KB
Sample

230509-v925kafb2s
MD5

01a29cdf4c5ae4b784ff075e8e388baf
SHA1

630bba9a8aa7301127c6b24e4b3929d3436a70f4
SHA256

a2d6df624cd6f04762ad201dd8bcbdfe8a30017b6e1f8954c8713d9ade59e687
SHA512

8dcfece468347e1c945100473340cd545c96fdc8aa33a1cc9f5703a89dbae8ec88118e91d12729d481e6d52efe7e6b2d5adc66766e0c27b20dfbf4e682fe3be5
SSDEEP

3072:zAOx49DDM8DlPHnCwq8eNuguNachr+2J9D/ZVo5:cOx49DDjlPHCz8ebhch62n/Zu

Score

8^/10

Malware Config

Targets

- Target
  
  DOWN IN OHIO.MOV
- Size
  
  115KB
- MD5
  
  01a29cdf4c5ae4b784ff075e8e388baf
- SHA1
  
  630bba9a8aa7301127c6b24e4b3929d3436a70f4
- SHA256
  
  a2d6df624cd6f04762ad201dd8bcbdfe8a30017b6e1f8954c8713d9ade59e687
- SHA512
  
  8dcfece468347e1c945100473340cd545c96fdc8aa33a1cc9f5703a89dbae8ec88118e91d12729d481e6d52efe7e6b2d5adc66766e0c27b20dfbf4e682fe3be5
- SSDEEP
  
  3072:zAOx49DDM8DlPHnCwq8eNuguNachr+2J9D/ZVo5:cOx49DDjlPHCz8ebhch62n/Zu
Score

8^/10
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1