81490e9ab7104c0ca7e698f7de16098048110e8bdbd1310060c0ee701a28bb51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

206ba1c9ab75b32885b15723c61945d1
Size

1000KB
Sample

231230-3qr49afcfl
MD5

206ba1c9ab75b32885b15723c61945d1
SHA1

9ff51dd0718c949e735789dfc93e0d0afe7c7f04
SHA256

81490e9ab7104c0ca7e698f7de16098048110e8bdbd1310060c0ee701a28bb51
SHA512

12e3f1efe3a043709f260190cc54a50953c9fbe431f97f39268ca5019525ef098c421453b36f9ae1b95e502055661040dd4d15280d32a1c57f075347c850b948
SSDEEP

24576:JXzixWJvDuugwfrs//TD1B+5vMiqt0gj2ed:JXz0ybNfQ/HqOL

Score

7^/10

Malware Config

Targets

- Target
  
  206ba1c9ab75b32885b15723c61945d1
- Size
  
  1000KB
- MD5
  
  206ba1c9ab75b32885b15723c61945d1
- SHA1
  
  9ff51dd0718c949e735789dfc93e0d0afe7c7f04
- SHA256
  
  81490e9ab7104c0ca7e698f7de16098048110e8bdbd1310060c0ee701a28bb51
- SHA512
  
  12e3f1efe3a043709f260190cc54a50953c9fbe431f97f39268ca5019525ef098c421453b36f9ae1b95e502055661040dd4d15280d32a1c57f075347c850b948
- SSDEEP
  
  24576:JXzixWJvDuugwfrs//TD1B+5vMiqt0gj2ed:JXz0ybNfQ/HqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2