d681a600472ba3e52cab1b62a4b991c448f52277344250b07490ae45dbc40219 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bb8846013dc0527716e4ab712cdf9b50.exe
Size

2.1MB
Sample

231103-lmew3sfe8y
MD5

bb8846013dc0527716e4ab712cdf9b50
SHA1

8c87a3f79c8a302cf3f3073e82a4d0934daf61b8
SHA256

d681a600472ba3e52cab1b62a4b991c448f52277344250b07490ae45dbc40219
SHA512

ea41e7a36032ca456b4880ddf3bb2bfecbd98ca91c882cbc2ff96245a5622b1d13095183be77808aa4183888e874f11e9c0cbcd79f9cac40006112a79b2801b1
SSDEEP

24576:k0Hs7LnyfZcPRRhjlcONMrWUMlks/6HnEpKmaT3BdNHh3ctw5FNOanQa9Xv:lHs7Mcp7lqWUDn13ctw5FNOanQa9Xv

Score

7^/10

Malware Config

Targets

- Target
  
  NEAS.bb8846013dc0527716e4ab712cdf9b50.exe
- Size
  
  2.1MB
- MD5
  
  bb8846013dc0527716e4ab712cdf9b50
- SHA1
  
  8c87a3f79c8a302cf3f3073e82a4d0934daf61b8
- SHA256
  
  d681a600472ba3e52cab1b62a4b991c448f52277344250b07490ae45dbc40219
- SHA512
  
  ea41e7a36032ca456b4880ddf3bb2bfecbd98ca91c882cbc2ff96245a5622b1d13095183be77808aa4183888e874f11e9c0cbcd79f9cac40006112a79b2801b1
- SSDEEP
  
  24576:k0Hs7LnyfZcPRRhjlcONMrWUMlks/6HnEpKmaT3BdNHh3ctw5FNOanQa9Xv:lHs7Mcp7lqWUDn13ctw5FNOanQa9Xv
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2