9dfb814be00c17f90a227e53a0f9f43da49e2a814892d818c5e38f0f02d1f3e3 | Triage

Sharing

General

Target

5963ba78e86282b09351712152b1ab04
Size

506KB
Sample

231226-g5224sfhc8
MD5

5963ba78e86282b09351712152b1ab04
SHA1

ebf98da49bc1c21e9e139f2a4c89018cf4ecd693
SHA256

9dfb814be00c17f90a227e53a0f9f43da49e2a814892d818c5e38f0f02d1f3e3
SHA512

6b68de48f1f1435b78004a0abbf6223e88dd133caf3aa63a3cfdb6fe0e2c69bfdc3ed8b95f3b548343fb7bc6bdb59a9584d781421f37076402f652893eef64b4
SSDEEP

12288:TSh+T5dwSe7IHip9fw58HMtRFo8B1w0+XujLP5Qtohk:TSwTzwSe7IewicRF7B1v+XupQtohk

Score

7^/10

Malware Config

Targets

- Target
  
  5963ba78e86282b09351712152b1ab04
- Size
  
  506KB
- MD5
  
  5963ba78e86282b09351712152b1ab04
- SHA1
  
  ebf98da49bc1c21e9e139f2a4c89018cf4ecd693
- SHA256
  
  9dfb814be00c17f90a227e53a0f9f43da49e2a814892d818c5e38f0f02d1f3e3
- SHA512
  
  6b68de48f1f1435b78004a0abbf6223e88dd133caf3aa63a3cfdb6fe0e2c69bfdc3ed8b95f3b548343fb7bc6bdb59a9584d781421f37076402f652893eef64b4
- SSDEEP
  
  12288:TSh+T5dwSe7IHip9fw58HMtRFo8B1w0+XujLP5Qtohk:TSwTzwSe7IewicRF7B1v+XupQtohk
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2