3b46860e7ffdcc531af1dd81752cce9ae5f410fa1d9b6d1ac3409801c9d8d9c4 | Triage

Sharing

General

Target

ffecb4999889f9dff3f3ca807aa462ac
Size

1000KB
Sample

231228-3grgcsbedr
MD5

ffecb4999889f9dff3f3ca807aa462ac
SHA1

1405ccffb6a9cdfab47b9e8ef7cea6025304a058
SHA256

3b46860e7ffdcc531af1dd81752cce9ae5f410fa1d9b6d1ac3409801c9d8d9c4
SHA512

0c0371aa5be01301f8b7c1a9490813ed5f5e16c6f6e489666dcd8acb98eb64968f1ec018f779a2b85f36ba504f7d79e6cf376e115be59da00dfedcb45bc725eb
SSDEEP

24576:sNp5IbLWzXcsQPCtKP/VN1B+5vMiqt0gj2ed:sNYPvlPlPNhqOL

Score

7^/10

Malware Config

Targets

- Target
  
  ffecb4999889f9dff3f3ca807aa462ac
- Size
  
  1000KB
- MD5
  
  ffecb4999889f9dff3f3ca807aa462ac
- SHA1
  
  1405ccffb6a9cdfab47b9e8ef7cea6025304a058
- SHA256
  
  3b46860e7ffdcc531af1dd81752cce9ae5f410fa1d9b6d1ac3409801c9d8d9c4
- SHA512
  
  0c0371aa5be01301f8b7c1a9490813ed5f5e16c6f6e489666dcd8acb98eb64968f1ec018f779a2b85f36ba504f7d79e6cf376e115be59da00dfedcb45bc725eb
- SSDEEP
  
  24576:sNp5IbLWzXcsQPCtKP/VN1B+5vMiqt0gj2ed:sNYPvlPlPNhqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2