2611edeaef75a1f147ef8adda0da5313d3f767dc02b8fd3531bfa7e1b52090c6 | Triage

Sharing

General

Target

NEAS.463be9075c7c655cb0314b4bebb8d920.exe
Size

242KB
Sample

231102-txja9afa3s
MD5

463be9075c7c655cb0314b4bebb8d920
SHA1

73781b8afbc1af3d88c05b83112790cf59c12e0f
SHA256

2611edeaef75a1f147ef8adda0da5313d3f767dc02b8fd3531bfa7e1b52090c6
SHA512

5167f38102ee63abde2a2b613e7b82822bfeea8f29629153f93db54c930ce0aaba2deb32c6a4608acf051ec5016d1c04b11ce0a0f15715092586b6944ca8e3f2
SSDEEP

6144:aY6ToLMce4BBWix5kmU2wjJSw/PNmXZiQmv5jBS9Wdq/Gi:aY6ToLMce4uixGqw9FPNItmtMIdq/X

Score

7^/10

Malware Config

Targets

- Target
  
  NEAS.463be9075c7c655cb0314b4bebb8d920.exe
- Size
  
  242KB
- MD5
  
  463be9075c7c655cb0314b4bebb8d920
- SHA1
  
  73781b8afbc1af3d88c05b83112790cf59c12e0f
- SHA256
  
  2611edeaef75a1f147ef8adda0da5313d3f767dc02b8fd3531bfa7e1b52090c6
- SHA512
  
  5167f38102ee63abde2a2b613e7b82822bfeea8f29629153f93db54c930ce0aaba2deb32c6a4608acf051ec5016d1c04b11ce0a0f15715092586b6944ca8e3f2
- SSDEEP
  
  6144:aY6ToLMce4BBWix5kmU2wjJSw/PNmXZiQmv5jBS9Wdq/Gi:aY6ToLMce4uixGqw9FPNItmtMIdq/X
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2