4c50986607e29a5a7ac6cd10bbc9a74c40c19f065ac64c437324ea193c289337 | Triage

Sharing

General

Target

DW_Loader.exe
Size

7.2MB
Sample

230701-e6nvrsgf2y
MD5

403594dfcde97ab854c28d623202bb9a
SHA1

5bf3648a98205e5d6fa877ed07878c39e2bea9b0
SHA256

4c50986607e29a5a7ac6cd10bbc9a74c40c19f065ac64c437324ea193c289337
SHA512

ab6afb040094328f33d9a79e6cb304d313a0bf7c3dd66ab791888833a2292328a8fabb8eb7a789e271de868c269e286bd9add3cd0b4ae22d379a4894e4a6c778
SSDEEP

3072:JahKyd2n31Z5GWp1icKAArDZz4N9GhbkrNEk1dp9es8HcNGfceJT:JahO5p0yN90QEcp9eskcgfcW

Score

10^/10

persistence

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1123781162368770189/WlSA8ClXCnwVQMGJ80tXCQB0RqQu9_6e2ayukQezCYyTLFqZDS3NX6MGTxlbr8yKYgtZ

Targets

- Target
  
  DW_Loader.exe
- Size
  
  7.2MB
- MD5
  
  403594dfcde97ab854c28d623202bb9a
- SHA1
  
  5bf3648a98205e5d6fa877ed07878c39e2bea9b0
- SHA256
  
  4c50986607e29a5a7ac6cd10bbc9a74c40c19f065ac64c437324ea193c289337
- SHA512
  
  ab6afb040094328f33d9a79e6cb304d313a0bf7c3dd66ab791888833a2292328a8fabb8eb7a789e271de868c269e286bd9add3cd0b4ae22d379a4894e4a6c778
- SSDEEP
  
  3072:JahKyd2n31Z5GWp1icKAArDZz4N9GhbkrNEk1dp9es8HcNGfceJT:JahO5p0yN90QEcp9eskcgfcW
Score

10^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1