08106b6c9bbbeaf87da62d0a843605457c969fe3fdcac0f43f3b99af54db4a08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2503410ad9784aab0751e1103eb92ed9
Size

506KB
Sample

231225-rnn42aacd2
MD5

2503410ad9784aab0751e1103eb92ed9
SHA1

957472cefcd6af50932af24ea679ee3af8685931
SHA256

08106b6c9bbbeaf87da62d0a843605457c969fe3fdcac0f43f3b99af54db4a08
SHA512

88c2a46d4d4a66c7757c291a5babfd71b846b097511ab57baa01b08c4ef7537977bd6fb10b3134e6c99d44b2e40794f187b478304168ad66ffde9b308d9b73de
SSDEEP

12288:b5clwqCCOZtkMlxYOmgR6uJ76Dl1GY+Y5v8Swaz9:b5cGm2xYOmgRODlAY+TI

Score

7^/10

Malware Config

Targets

- Target
  
  2503410ad9784aab0751e1103eb92ed9
- Size
  
  506KB
- MD5
  
  2503410ad9784aab0751e1103eb92ed9
- SHA1
  
  957472cefcd6af50932af24ea679ee3af8685931
- SHA256
  
  08106b6c9bbbeaf87da62d0a843605457c969fe3fdcac0f43f3b99af54db4a08
- SHA512
  
  88c2a46d4d4a66c7757c291a5babfd71b846b097511ab57baa01b08c4ef7537977bd6fb10b3134e6c99d44b2e40794f187b478304168ad66ffde9b308d9b73de
- SSDEEP
  
  12288:b5clwqCCOZtkMlxYOmgR6uJ76Dl1GY+Y5v8Swaz9:b5cGm2xYOmgRODlAY+TI
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2