b031623b875d6a39a92325a6299b4117488de2c05847cafc7c81f99880527df4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

80674d319f748542d1d98c177453d160.bin
Size

365KB
Sample

230605-nvlqpsgh6s
MD5

9a2a5119f051803f293126b00f709666
SHA1

8021a4ea7d1c96be174628510b061ea0313d4849
SHA256

b031623b875d6a39a92325a6299b4117488de2c05847cafc7c81f99880527df4
SHA512

da707579ae80bc424119c442c4b0f4fc4d380db71c2dfb7f37bd0b810a96c6ed29f288fecc01c9044c5d18d874f05c83d6ac186450bd84d7292aad7554010444
SSDEEP

6144:50nCc8og4dlAQ6So9T8cv2NXn5ZUaEMYc0gB25wCMWbwmXkmuVT1N:nctnd6SoR8cvi35ZMi0gAwCMCkmulf

Score

10^/10

collection

Malware Config

Targets

- Target
  
  1b306f9a2c87c8ab411564465e3213533585d259654a4435c781a3a8fbb08488.exe
- Size
  
  457KB
- MD5
  
  80674d319f748542d1d98c177453d160
- SHA1
  
  20060155c58e2168efadb7defd268a6150f0243c
- SHA256
  
  1b306f9a2c87c8ab411564465e3213533585d259654a4435c781a3a8fbb08488
- SHA512
  
  ac834182de52ee7faf11e9fa3e5075c85934b23335b55d622d1bc1103360602b49288ac6c9741cd47ac7fe4b464217054191433a47c438288695329f66fcb480
- SSDEEP
  
  6144:stfVNkIi0H6rWfMmkri/E8VzlR4AqTGFkl2YuyA/GjTxoLraz4HCkj:shVNkIi9kM9cE0RfOGFkl2YNWrq4H5
Score

10^/10

collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2