c221dfe71f3d813f6e725643a3d2ad4f1352dc72213d2c04c4814cdf613dea5b | Triage

Sharing

General

Target

plainext_v1_8_by_jaxoriginals_dekwcwx.rmskin
Size

305KB
Sample

230515-ezctxsha61
MD5

022582f564cefc42e57931472c801f97
SHA1

ecc6e24efe4086a044822ea9c4502a71f47bcc5c
SHA256

c221dfe71f3d813f6e725643a3d2ad4f1352dc72213d2c04c4814cdf613dea5b
SHA512

b5eedf7d623f72a6f657ac5064099703ef20a5f584a6e93f05e5d09896403ec869549afacbd5bea74474f1725fb4fb6be58c08cf0f34e32888e697dc73d070ef
SSDEEP

6144:T1b/xS7olWb48FyRjVdXA7kPQgdIxEWaTifui8aV2x5Rrer521dYvNxNhXq:5xS7olH8FGPAOPTOKPRrero1f

Score

8^/10

Malware Config

Targets

- Target
  
  Skins/#JaxCoreRMInstaller/Setup.bat
- Size
  
  202B
- MD5
  
  c75e9685131bbccc8e63b072ba4dff9e
- SHA1
  
  9f3bd74a46fea595a9c93e38b3b6c58f280b011f
- SHA256
  
  934843ab20c3c94ff40fd03b9ec096b8fbcdb3e6a6770aaadd74a8aa386bcdc6
- SHA512
  
  fad578c2c57ec96bd1442f1bdb23beee1304077af7d3f25ed786a20f7656635eda07400a85ed74e1178213b26b036315a314cdd29fea7e99f3bccb70f823f7fb
Score

8^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2