1a1368c2a7c93cc283431a8a0c4e48cd99afaa303fb8dab768c35d6e7154c036 | Triage

Sharing

General

Target

37382ae0bbed2e7c641c66d793912286
Size

506KB
Sample

231225-xyq92ahfbr
MD5

37382ae0bbed2e7c641c66d793912286
SHA1

062404b90e0b73a3fc94bc2e122db2c2e3df0d8e
SHA256

1a1368c2a7c93cc283431a8a0c4e48cd99afaa303fb8dab768c35d6e7154c036
SHA512

4b93445e2bda315347b8ced3bba4bdc6a284df5cdbd72c01e6948060d7cecd0f09b5066e0a830363f015c97fc1da4849243c178e8af84f150f9ff65e328eafc9
SSDEEP

12288:zZTqnZFH/XIkncUUZUoP7fzlXv+vivK99QHgKgzD3KTbHN0zmFfU0A1:zRyn6VhP75pvImHgKgzbKt0zmFfU/1

Score

7^/10

Malware Config

Targets

- Target
  
  37382ae0bbed2e7c641c66d793912286
- Size
  
  506KB
- MD5
  
  37382ae0bbed2e7c641c66d793912286
- SHA1
  
  062404b90e0b73a3fc94bc2e122db2c2e3df0d8e
- SHA256
  
  1a1368c2a7c93cc283431a8a0c4e48cd99afaa303fb8dab768c35d6e7154c036
- SHA512
  
  4b93445e2bda315347b8ced3bba4bdc6a284df5cdbd72c01e6948060d7cecd0f09b5066e0a830363f015c97fc1da4849243c178e8af84f150f9ff65e328eafc9
- SSDEEP
  
  12288:zZTqnZFH/XIkncUUZUoP7fzlXv+vivK99QHgKgzD3KTbHN0zmFfU0A1:zRyn6VhP75pvImHgKgzbKt0zmFfU/1
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2