da02136ee6059addaf02407fd2c7e9875910df8a1516985ae026909f7e4b6140 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e96fc6ea1d9a0363a543ca2c9cc87bb
Size

506KB
Sample

231230-e6hzhsgbh6
MD5

0e96fc6ea1d9a0363a543ca2c9cc87bb
SHA1

246fba82d868623aff00f5d556fb8a06c994ae5a
SHA256

da02136ee6059addaf02407fd2c7e9875910df8a1516985ae026909f7e4b6140
SHA512

4f2d5a42b7004c732f91cba9487c5419af1a6e6b17e20d3402917e1f40ed4942c5f7e68e61194763faa85bdfcf340d78d9beecde0c2fa5eaac1d306ef6a01f30
SSDEEP

12288:ZiRQk+HhwXzryQrsyhCfSdl8vXZXAgKbW8qGwzt6KPBEZ6:QQf6NsyhCfoqXgqGjGBEI

Score

7^/10

Malware Config

Targets

- Target
  
  0e96fc6ea1d9a0363a543ca2c9cc87bb
- Size
  
  506KB
- MD5
  
  0e96fc6ea1d9a0363a543ca2c9cc87bb
- SHA1
  
  246fba82d868623aff00f5d556fb8a06c994ae5a
- SHA256
  
  da02136ee6059addaf02407fd2c7e9875910df8a1516985ae026909f7e4b6140
- SHA512
  
  4f2d5a42b7004c732f91cba9487c5419af1a6e6b17e20d3402917e1f40ed4942c5f7e68e61194763faa85bdfcf340d78d9beecde0c2fa5eaac1d306ef6a01f30
- SSDEEP
  
  12288:ZiRQk+HhwXzryQrsyhCfSdl8vXZXAgKbW8qGwzt6KPBEZ6:QQf6NsyhCfoqXgqGjGBEI
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2