b6124fe575725e0fa9669176dfedb0e0e58a2705d59b839fa14eb600115b35f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09d2e64940f5c55947ebb011f046d394
Size

1000KB
Sample

231230-bnvntabef2
MD5

09d2e64940f5c55947ebb011f046d394
SHA1

6aaf6e56382f3f8f2a75cb50e331cbdb19433622
SHA256

b6124fe575725e0fa9669176dfedb0e0e58a2705d59b839fa14eb600115b35f9
SHA512

545ec4584138a135c4ffce0e4f1e61d097c6b2a7311d23e82b8f390e6d1cf373e79bf44247f98129ccb2777a8e1bd27e66b141b064c5946e5b0438a5c30a43bf
SSDEEP

24576:eDl7xbYcsvL+8D9VSeRB1B+5vMiqt0gj2ed:O7xbi/DH9qOL

Score

7^/10

Malware Config

Targets

- Target
  
  09d2e64940f5c55947ebb011f046d394
- Size
  
  1000KB
- MD5
  
  09d2e64940f5c55947ebb011f046d394
- SHA1
  
  6aaf6e56382f3f8f2a75cb50e331cbdb19433622
- SHA256
  
  b6124fe575725e0fa9669176dfedb0e0e58a2705d59b839fa14eb600115b35f9
- SHA512
  
  545ec4584138a135c4ffce0e4f1e61d097c6b2a7311d23e82b8f390e6d1cf373e79bf44247f98129ccb2777a8e1bd27e66b141b064c5946e5b0438a5c30a43bf
- SSDEEP
  
  24576:eDl7xbYcsvL+8D9VSeRB1B+5vMiqt0gj2ed:O7xbi/DH9qOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2