b211f5998b2bc0f9a2bbc99c9f529edc4f9503d3f15d09feef246b73d95c8b89 | Triage

Sharing

General

Target

credits_to_unknown_.rar
Size

281KB
Sample

231103-ek8m2sbg5v
MD5

c8133cae5ab6c986dca3abc026c95277
SHA1

0df2aaf805e93924d799e3487472a6efb8fb5d44
SHA256

b211f5998b2bc0f9a2bbc99c9f529edc4f9503d3f15d09feef246b73d95c8b89
SHA512

55f8e8e7c7e6f4fb2696efd267b23d533bd31c30a9e45a780a38b75223e3a6411ee737e61ea134714cd6208f8256a94a3eb69f8bee5a9014dd0983a34d3d1928
SSDEEP

6144:dcCjyaiDZExd1JVWmRHgupLWaOXa/LGI2NhUNLZO/DG/43:+TbSd3VWa9piXq6wNLo/DK43

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  SPOILER_0044_dark.exe
- Size
  
  503KB
- MD5
  
  7749b4bd2e49b6a06e40cd430e53fe86
- SHA1
  
  afe3c340aab370e13dad2d3f88b8890c14599cdc
- SHA256
  
  ffff625c39d1bbdb7f4dd5aac98f899beebf99acd138563a1b23b577ed0f37ac
- SHA512
  
  85a97b046d45580750757a2d76f6a341bf1dbaa634ac8e3217a3aaffcb31c622dc72b47ae244ea27fae0a71b78501e6bde0ac29329f20f5d5d946e8311fd0131
- SSDEEP
  
  12288:SQXvyf/T1SF1P/Ocqqn+UxCj2AqeMQm56cU:5Xcb1SF1P/Otqn+uGKFw
Score

8^/10

evasion persistence
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

evasionpersistence