ad69386c76318673d8374d20af2069e54e1732aab4c6d5fcb111f800898e2637 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

482KB
Sample

230602-ylyc9aeb55
MD5

7168d4618e3e980567474463b3e7b557
SHA1

3ab64bcdb496ea523eeb4f06ffa7e5598322ed7b
SHA256

ad69386c76318673d8374d20af2069e54e1732aab4c6d5fcb111f800898e2637
SHA512

e28a6300cc58fd875cc299d068d14f45a1f8f03a9db1d56422946819e5adb38dd0c49e6a5416901254a533e61b50304bc5bd532388c635f2c6a70b4ca3b622e0
SSDEEP

12288:r6S3Z91I4PFrJ5nBCptCMGv+FS4lEMyPJFGIk+:r6c91I49rJ5nBctjGGFplEMAGx+

Score

10^/10

collection

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  482KB
- MD5
  
  7168d4618e3e980567474463b3e7b557
- SHA1
  
  3ab64bcdb496ea523eeb4f06ffa7e5598322ed7b
- SHA256
  
  ad69386c76318673d8374d20af2069e54e1732aab4c6d5fcb111f800898e2637
- SHA512
  
  e28a6300cc58fd875cc299d068d14f45a1f8f03a9db1d56422946819e5adb38dd0c49e6a5416901254a533e61b50304bc5bd532388c635f2c6a70b4ca3b622e0
- SSDEEP
  
  12288:r6S3Z91I4PFrJ5nBCptCMGv+FS4lEMyPJFGIk+:r6c91I49rJ5nBctjGGFplEMAGx+
Score

10^/10

collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2