c99798d67cbf1e80040257eb9e68f62d966fe53443ca54e120e3a0379152ca80 | Triage

Sharing

General

Target

file.exe
Size

508KB
Sample

230616-3nt6tshc67
MD5

32262481df1855d46c85453fc1ce3894
SHA1

ac238a2d4d1b767eeef4bc11211935158ea04916
SHA256

c99798d67cbf1e80040257eb9e68f62d966fe53443ca54e120e3a0379152ca80
SHA512

4dce7c2b72aae70c0af87d0dfca6ffac19dcc11a75f393074353e59781331f3f6f1f4090eec4cb831a38df260eb625c1f46eaaf9ca6cb0bef91876a01afa86bf
SSDEEP

6144:ZcIh5dHEeTfxgErpyLU2e+oCLCy3a2zmeF2PkhlknBY46kEB7909:ZcfeTJgGmU5C+yqkFph6nBYxD79I

Score

10^/10

collection

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  508KB
- MD5
  
  32262481df1855d46c85453fc1ce3894
- SHA1
  
  ac238a2d4d1b767eeef4bc11211935158ea04916
- SHA256
  
  c99798d67cbf1e80040257eb9e68f62d966fe53443ca54e120e3a0379152ca80
- SHA512
  
  4dce7c2b72aae70c0af87d0dfca6ffac19dcc11a75f393074353e59781331f3f6f1f4090eec4cb831a38df260eb625c1f46eaaf9ca6cb0bef91876a01afa86bf
- SSDEEP
  
  6144:ZcIh5dHEeTfxgErpyLU2e+oCLCy3a2zmeF2PkhlknBY46kEB7909:ZcfeTJgGmU5C+yqkFph6nBYxD79I
Score

10^/10

collection
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2