f9c5de8da0a5bfd5eda1af03e0b99cee3a612ba83ccab487e5495c44346353ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4fe30437c3f35da0c46766ae48fa1d47
Size

506KB
Sample

231226-dwtgtsfgc9
MD5

4fe30437c3f35da0c46766ae48fa1d47
SHA1

338b2360429048388be6a5a635ddd06198a16e4d
SHA256

f9c5de8da0a5bfd5eda1af03e0b99cee3a612ba83ccab487e5495c44346353ff
SHA512

62d6c7ea8c8926c3e4a466b2c7a1a221cd1fb0474cd0bfb1397af529d3d1171f8e6caa4dd32e7026a419fa8112d13ab9308e611fd7b9191994a5ab02b1ff7f27
SSDEEP

12288:ZW4R4bqUX3eRnckA54hYIMLnVhmQaqCEcLmOp/mItr2+RfmTo:5uReRnccYVbWQCzmg/murhRfmTo

Score

7^/10

Malware Config

Targets

- Target
  
  4fe30437c3f35da0c46766ae48fa1d47
- Size
  
  506KB
- MD5
  
  4fe30437c3f35da0c46766ae48fa1d47
- SHA1
  
  338b2360429048388be6a5a635ddd06198a16e4d
- SHA256
  
  f9c5de8da0a5bfd5eda1af03e0b99cee3a612ba83ccab487e5495c44346353ff
- SHA512
  
  62d6c7ea8c8926c3e4a466b2c7a1a221cd1fb0474cd0bfb1397af529d3d1171f8e6caa4dd32e7026a419fa8112d13ab9308e611fd7b9191994a5ab02b1ff7f27
- SSDEEP
  
  12288:ZW4R4bqUX3eRnckA54hYIMLnVhmQaqCEcLmOp/mItr2+RfmTo:5uReRnccYVbWQCzmg/murhRfmTo
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2