fe2625fef00d5b35c028bb3e0ec7369e9d4a9eca99cf3f9b3a15d53eef8b3af6 | Triage

Sharing

General

Target

0cb0372497e23115cd360ead978ccd8a
Size

506KB
Sample

231230-dskeradad5
MD5

0cb0372497e23115cd360ead978ccd8a
SHA1

93e6aedcc155958c7432cb62f2905e106387c780
SHA256

fe2625fef00d5b35c028bb3e0ec7369e9d4a9eca99cf3f9b3a15d53eef8b3af6
SHA512

3254fad4642e71c2e3be5f0bcbf7f717a537c5c35f0118ea359ad1e225865f7266f532a407a600e71561dc93afaa455ce2da054f6e0e1e388ab6cdf4dc168295
SSDEEP

12288:Ra/5CKWxomcDq2+HPMqCKYfyJYjuFrBRNwHpIaH15:Rg4KWqmcDqhHdCK/JJFrBRNaH

Score

7^/10

Malware Config

Targets

- Target
  
  0cb0372497e23115cd360ead978ccd8a
- Size
  
  506KB
- MD5
  
  0cb0372497e23115cd360ead978ccd8a
- SHA1
  
  93e6aedcc155958c7432cb62f2905e106387c780
- SHA256
  
  fe2625fef00d5b35c028bb3e0ec7369e9d4a9eca99cf3f9b3a15d53eef8b3af6
- SHA512
  
  3254fad4642e71c2e3be5f0bcbf7f717a537c5c35f0118ea359ad1e225865f7266f532a407a600e71561dc93afaa455ce2da054f6e0e1e388ab6cdf4dc168295
- SSDEEP
  
  12288:Ra/5CKWxomcDq2+HPMqCKYfyJYjuFrBRNwHpIaH15:Rg4KWqmcDqhHdCK/JJFrBRNaH
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2