e6f0f75653f735bc4cd8d164d536430945f152d578918e373d08fd7dfbdec028 | Triage

Sharing

General

Target

test.exe
Size

460KB
Sample

230808-tn8vjsfd5z
MD5

5a3309507cba47d2e35ce7db68ef0c86
SHA1

4862d9072be1568377347b4e1556d8d2cc349f43
SHA256

e6f0f75653f735bc4cd8d164d536430945f152d578918e373d08fd7dfbdec028
SHA512

d5abf0d9e1897c22186229fcb97b0a74c290e2c01f1ad197b2c90bed475e35ee8f3319303a26d703493b8d39e3e6983ba37368bdce27b615ef5043cbbab03802
SSDEEP

12288:ljq4EKEb828QWBiANUxCj2AqeMQmNntl:ljqLZ0iANuGKFNnt

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  test.exe
- Size
  
  460KB
- MD5
  
  5a3309507cba47d2e35ce7db68ef0c86
- SHA1
  
  4862d9072be1568377347b4e1556d8d2cc349f43
- SHA256
  
  e6f0f75653f735bc4cd8d164d536430945f152d578918e373d08fd7dfbdec028
- SHA512
  
  d5abf0d9e1897c22186229fcb97b0a74c290e2c01f1ad197b2c90bed475e35ee8f3319303a26d703493b8d39e3e6983ba37368bdce27b615ef5043cbbab03802
- SSDEEP
  
  12288:ljq4EKEb828QWBiANUxCj2AqeMQmNntl:ljqLZ0iANuGKFNnt
Score

8^/10

persistence
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2