c980f372ebe4d629f292d2fcdf9e6bfeecc173cfb2cfa030f4053c62a142c391 | Triage

Sharing

General

Target

038ad1754386792e6688af384b5b70f4
Size

1000KB
Sample

231229-zj71cafebk
MD5

038ad1754386792e6688af384b5b70f4
SHA1

93956fd91a9f444d47aa5f6102c1b84897225638
SHA256

c980f372ebe4d629f292d2fcdf9e6bfeecc173cfb2cfa030f4053c62a142c391
SHA512

6c9ba7aaab729f6e4e87bf486a04f82f1eaa123992106dcca8bd09b780d92fab22b3a5a4e83b7320c7f29b6ba2597ede54152e1fd98deddc3f18b36851bd17e4
SSDEEP

12288:PDJtk8HIjYQWdreH3jc5hIYTkKstYMvL9PECaBwQ2tb5JLrnylUPqt0gHDS7eyod:rJ+aIthITkhtNM1B+5vMiqt0gj2ed

Score

7^/10

Malware Config

Targets

- Target
  
  038ad1754386792e6688af384b5b70f4
- Size
  
  1000KB
- MD5
  
  038ad1754386792e6688af384b5b70f4
- SHA1
  
  93956fd91a9f444d47aa5f6102c1b84897225638
- SHA256
  
  c980f372ebe4d629f292d2fcdf9e6bfeecc173cfb2cfa030f4053c62a142c391
- SHA512
  
  6c9ba7aaab729f6e4e87bf486a04f82f1eaa123992106dcca8bd09b780d92fab22b3a5a4e83b7320c7f29b6ba2597ede54152e1fd98deddc3f18b36851bd17e4
- SSDEEP
  
  12288:PDJtk8HIjYQWdreH3jc5hIYTkKstYMvL9PECaBwQ2tb5JLrnylUPqt0gHDS7eyod:rJ+aIthITkhtNM1B+5vMiqt0gj2ed
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2