259d1312ef2411c2e3860a8c923f62eeb0060247f3ced34d766bc3a8c5938f54 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07cbe5d6d8ce7e375e43a725e0691362.bin
Size

370KB
Sample

230612-bd1r3sba3v
MD5

a92563d4654f41feafd6f1c4b8c20106
SHA1

cab1fe4cc3a550443899a2a8e81c0ef9659065e9
SHA256

259d1312ef2411c2e3860a8c923f62eeb0060247f3ced34d766bc3a8c5938f54
SHA512

8d3fc30b6def8b4f4169d5a299364eadabbe6a2a3ba47af3cce5baf94404970c2a417695cdebc3596c608808fc37a2434f83cc0501835141d26e69c8814f59ab
SSDEEP

6144:TIRe7wcb+7UDs4v2FkDwYHE4Kx8M+DgmiVFEG/p/SMuYL+7pna1l0tqeI:UUC7UDb2yDwYu8gmSuY6Fnql0tq1

Score

10^/10

collection

Malware Config

Targets

- Target
  
  1d39abaa47a45fd4ff89e1183c6d7d9e7755d41962f8836d1d348d0c4ed3b1ee.exe
- Size
  
  495KB
- MD5
  
  07cbe5d6d8ce7e375e43a725e0691362
- SHA1
  
  2b0cc2dabf64e28ffc010458320e6d8454542b71
- SHA256
  
  1d39abaa47a45fd4ff89e1183c6d7d9e7755d41962f8836d1d348d0c4ed3b1ee
- SHA512
  
  c6f818ce269c0e198d53b835454782e093de62d33b96c95a118d4a3c194102f8495dea95f94a19783bf0aa0014bd385eafb6f4f33bc32824ef164f46ff7fb412
- SSDEEP
  
  6144:h01PIaXJI3voRwJ+443BHMg8E8ggT0D6QArY33Ko9yYMwNi1EuJOlKFj/:hEPIGe8wJ+TBaEyTqHArY34fwIO8
Score

10^/10

collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2