228eadff9b864a921cce298d3bc8fa4442a8d5e960dc44c0a78628201e8ff458 | Triage

Sharing

General

Target

0fa40f175a17ee369070cf6638d7796a
Size

1000KB
Sample

231230-ftmmlsbgak
MD5

0fa40f175a17ee369070cf6638d7796a
SHA1

ece3736af541cf2e1ed5900d359208d67befff39
SHA256

228eadff9b864a921cce298d3bc8fa4442a8d5e960dc44c0a78628201e8ff458
SHA512

feddac78791ab71eceed4d8362430fec1d42111ee122cf4d2fb5075d2f942a7eca20fb2533a383cb706648cdfb8a34d08a6a5dc71c55d8f29cefbe596525e1f3
SSDEEP

24576:h81t83HTQLly48l3mPCb41B+5vMiqt0gj2ed:hEkHTQLljHPCbSqOL

Score

7^/10

Malware Config

Targets

- Target
  
  0fa40f175a17ee369070cf6638d7796a
- Size
  
  1000KB
- MD5
  
  0fa40f175a17ee369070cf6638d7796a
- SHA1
  
  ece3736af541cf2e1ed5900d359208d67befff39
- SHA256
  
  228eadff9b864a921cce298d3bc8fa4442a8d5e960dc44c0a78628201e8ff458
- SHA512
  
  feddac78791ab71eceed4d8362430fec1d42111ee122cf4d2fb5075d2f942a7eca20fb2533a383cb706648cdfb8a34d08a6a5dc71c55d8f29cefbe596525e1f3
- SSDEEP
  
  24576:h81t83HTQLly48l3mPCb41B+5vMiqt0gj2ed:hEkHTQLljHPCbSqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2