f6ca5a78216042540d6fde1c6b2ed91f71eaa9697c2a5bed161cfa993638c593 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

asdf.exe
Size

12.9MB
Sample

231012-esmesaeb2v
MD5

47866528dcb6bb0983b453be642f3032
SHA1

d6e62514f13b597047e8008186fc973ed49e9beb
SHA256

f6ca5a78216042540d6fde1c6b2ed91f71eaa9697c2a5bed161cfa993638c593
SHA512

502b9954083d9ba625920f0b21506745aa1cd74b5afac81c52f437afd0d02a99610b3f65a4308ca4ccce946df8eee86734038053e72bc8f596d395366636dd0a
SSDEEP

393216:w8FuG/1FeREWU0CEDR1J83a10g90+ysmex2tVdRk:w8FuG/jeRHCEDRjEaX0LIxS

Score

7^/10

discovery pyinstaller

Malware Config

Targets

- Target
  
  asdf.exe
- Size
  
  12.9MB
- MD5
  
  47866528dcb6bb0983b453be642f3032
- SHA1
  
  d6e62514f13b597047e8008186fc973ed49e9beb
- SHA256
  
  f6ca5a78216042540d6fde1c6b2ed91f71eaa9697c2a5bed161cfa993638c593
- SHA512
  
  502b9954083d9ba625920f0b21506745aa1cd74b5afac81c52f437afd0d02a99610b3f65a4308ca4ccce946df8eee86734038053e72bc8f596d395366636dd0a
- SSDEEP
  
  393216:w8FuG/1FeREWU0CEDR1J83a10g90+ysmex2tVdRk:w8FuG/jeRHCEDRjEaX0LIxS
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2