85080c93fed815e1de0896f7e79b99c9d6895572f9223f95ba6f52d132c52b26 | Triage

Sharing

General

Target

e-dekont.exe
Size

151KB
Sample

230815-pxxrescf61
MD5

14bd8b5985684a0950002735f935c0a1
SHA1

b97edaa29c2171288a6525a1461d86dc0bc2b0b8
SHA256

85080c93fed815e1de0896f7e79b99c9d6895572f9223f95ba6f52d132c52b26
SHA512

dd5a0415ebbb0067363624354be107c9f337c21e4b0b6605624414c6b92b65387430cdbdc4cb31cb364365908792bb88a44c204dddf4723f330c901b79a662d2
SSDEEP

3072:LtveuyvFnfh9GVY+z5XKMikgbbfjqfhAP8tTk:5TyvFOVY+zOkgbbb2AEZ

Score

7^/10

Malware Config

Targets

- Target
  
  e-dekont.exe
- Size
  
  151KB
- MD5
  
  14bd8b5985684a0950002735f935c0a1
- SHA1
  
  b97edaa29c2171288a6525a1461d86dc0bc2b0b8
- SHA256
  
  85080c93fed815e1de0896f7e79b99c9d6895572f9223f95ba6f52d132c52b26
- SHA512
  
  dd5a0415ebbb0067363624354be107c9f337c21e4b0b6605624414c6b92b65387430cdbdc4cb31cb364365908792bb88a44c204dddf4723f330c901b79a662d2
- SSDEEP
  
  3072:LtveuyvFnfh9GVY+z5XKMikgbbfjqfhAP8tTk:5TyvFOVY+zOkgbbb2AEZ
Score

7^/10
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2