196b7dd10878c0e526443dbe73b40cb0404ce710d66f15f745a53c40a3a32ded | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a98873d313feb639ea03f5ec7b78161
Size

506KB
Sample

231225-nh6v4seab9
MD5

1a98873d313feb639ea03f5ec7b78161
SHA1

5e17dd64be8ee92f2ff113313712f7d7a46c399a
SHA256

196b7dd10878c0e526443dbe73b40cb0404ce710d66f15f745a53c40a3a32ded
SHA512

8dad7cea67451b3daa2b340c481c89c7c2cf22a37557b6069f4fe464aca0fbe29efc8619426db87cab7b5d91768b0c133ae21e8ccbffdd790c1095ee4255dc69
SSDEEP

12288:F46+C0DtqCZQKD02SyD32dwyEN3KUB3qSh2xt:F46+p0zy6y3KUBaSh2z

Score

7^/10

Malware Config

Targets

- Target
  
  1a98873d313feb639ea03f5ec7b78161
- Size
  
  506KB
- MD5
  
  1a98873d313feb639ea03f5ec7b78161
- SHA1
  
  5e17dd64be8ee92f2ff113313712f7d7a46c399a
- SHA256
  
  196b7dd10878c0e526443dbe73b40cb0404ce710d66f15f745a53c40a3a32ded
- SHA512
  
  8dad7cea67451b3daa2b340c481c89c7c2cf22a37557b6069f4fe464aca0fbe29efc8619426db87cab7b5d91768b0c133ae21e8ccbffdd790c1095ee4255dc69
- SSDEEP
  
  12288:F46+C0DtqCZQKD02SyD32dwyEN3KUB3qSh2xt:F46+p0zy6y3KUBaSh2z
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2