56bc30e99a76192e7c58678c9ea2df05fe524be0aa8e7d5db2aaf8fbaf76a200 | Triage

Sharing

General

Target

59bc15ce4dccd35ab21625a6bda720a9
Size

1020KB
Sample

231226-g92xxageb3
MD5

59bc15ce4dccd35ab21625a6bda720a9
SHA1

404dfdcde677387314e4cebb5e41cd151a76946e
SHA256

56bc30e99a76192e7c58678c9ea2df05fe524be0aa8e7d5db2aaf8fbaf76a200
SHA512

a9b0741e9fa9aa9f1333cdf3d92cb79fc0ff3c4614ab599db10182bedab91473f8244c90dab48fa03eecf215be07d4e54fc0195e7a8e82cec508816a9e96d3de
SSDEEP

12288:Y7HEcbV+K3FuzGIwo2Zn83uh6y7rCQTrl87+kE3E/:Y7HEcbV1FPo2Z8+h60uQTrl87+k5

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  59bc15ce4dccd35ab21625a6bda720a9
- Size
  
  1020KB
- MD5
  
  59bc15ce4dccd35ab21625a6bda720a9
- SHA1
  
  404dfdcde677387314e4cebb5e41cd151a76946e
- SHA256
  
  56bc30e99a76192e7c58678c9ea2df05fe524be0aa8e7d5db2aaf8fbaf76a200
- SHA512
  
  a9b0741e9fa9aa9f1333cdf3d92cb79fc0ff3c4614ab599db10182bedab91473f8244c90dab48fa03eecf215be07d4e54fc0195e7a8e82cec508816a9e96d3de
- SSDEEP
  
  12288:Y7HEcbV+K3FuzGIwo2Zn83uh6y7rCQTrl87+kE3E/:Y7HEcbV1FPo2Z8+h60uQTrl87+k5
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2