9d53228a6769b706acdb19165318752f58ad1f36cb24628a202372620eff57ee | Triage

Sharing

General

Target

PL..rar
Size

544KB
Sample

230816-pmspqace9w
MD5

d93c61635050d9001ca5d674b26f700d
SHA1

cc4d69f45f23850da6c892ef77cdf8677f633139
SHA256

9d53228a6769b706acdb19165318752f58ad1f36cb24628a202372620eff57ee
SHA512

c7423c64e9fc3c91f9180f7f5796e847ab87a346a445e88c386ac79a228cff959338f0295c6eadc1332b0b35e5580b82b86cb754ce5428de7bd977450675146c
SSDEEP

12288:/8DdvVzB7vYeAxgr6OlrQu5hrX3ddDXReJ2iUIOxPEBUPLfjEiD4Omko:K9pA7OlrQgjNdDBeJxUBx8B27E04Om3

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
webmail.kbakr.com
Port:
587
Username:
[email protected]
Password:
Chimezie@12

Targets

- Target
  
  PL..exe
- Size
  
  935KB
- MD5
  
  d37fe27e73ac9955f456e05355d165e7
- SHA1
  
  e7b4afc8c5702041f3e0836867b04d2972dc926b
- SHA256
  
  8c414fd23baa45985fd610990929794b1e99d2ea6054b0ad8b95d2fc2ceeecc7
- SHA512
  
  60c2868fe7facb302c0ed0eceeac8b281a2136016532b26cb07c2e3452244a091211eac6e74946d4a70b15d17f8c3e748e4cfb82971399adf8b9d696e07dab24
- SSDEEP
  
  24576:fkpRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUOhUFn0iGJUYIN27XoL3EX:fORs6CE3jLbO9Rs6CE3jLbOhM0iGu2oE
Score

10^/10

persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2