d82eae905d4eb03b8db1374c8d2ee2b281c5e7c1dbb1940c5a7e589c14b7cfad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

oxygen_u.zip
Size

1.9MB
Sample

230527-xnfesadc3y
MD5

e7389c06a166d23535488922a647a201
SHA1

4af16736fc46743044a3fd0994551405dd04431a
SHA256

d82eae905d4eb03b8db1374c8d2ee2b281c5e7c1dbb1940c5a7e589c14b7cfad
SHA512

0089b1274b0b0de031a9195cd95a0da1e7bdcb5ac8d786cc6c5750931f50cd79c3668ab06d67544b68514401c861e635e1623cb016416dee4c2a38105ecb2cdd
SSDEEP

49152:WuLfIiclD5JJ872qmXcqtldqiAfgSaBOD:WuLf7sJJ872rXcqtlQiOsoD

Score

8^/10

Malware Config

Targets

- Target
  
  oxygen_u.zip
- Size
  
  1.9MB
- MD5
  
  e7389c06a166d23535488922a647a201
- SHA1
  
  4af16736fc46743044a3fd0994551405dd04431a
- SHA256
  
  d82eae905d4eb03b8db1374c8d2ee2b281c5e7c1dbb1940c5a7e589c14b7cfad
- SHA512
  
  0089b1274b0b0de031a9195cd95a0da1e7bdcb5ac8d786cc6c5750931f50cd79c3668ab06d67544b68514401c861e635e1623cb016416dee4c2a38105ecb2cdd
- SSDEEP
  
  49152:WuLfIiclD5JJ872qmXcqtldqiAfgSaBOD:WuLf7sJJ872rXcqtlQiOsoD
Score

1^/10
behavioral1 behavioral2
- Target
  
  OxygenU.exe
- Size
  
  2.5MB
- MD5
  
  0e99ebc3be98524080cf2276d40fe5a8
- SHA1
  
  4eb977a1bf92196d68ce572260122b94bad060e3
- SHA256
  
  0687b4eb1654cb8bd7f42c37af6ec2fdfe50a696956be2aeb2bf04d84dc29252
- SHA512
  
  35a272330aa1a262e5e7cfd5c3cd532c96611c1eef5c868de8a940fd53c287ded51b4828cf39d3b2be53565c2768bd48025440e1c068fe6431cabe31d27525b5
- SSDEEP
  
  49152:WvCbY8rkxYOPo4gtUUxJerbY8zBkqXfd+/9ADqanUUh:KCbY8rLOAmUxJerbY8zBkqXf0FhWf
Score

8^/10
- Downloads MZ/PE file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4