25292478e07fa1915017f325503e3711115aa25611d074715a8c51746b5a8759 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15c962864d8f8572fd4da10e811feca4
Size

483KB
Sample

231230-metkyaggcn
MD5

15c962864d8f8572fd4da10e811feca4
SHA1

10ba2b23fd1482b041351289e457c5f4eeb6579f
SHA256

25292478e07fa1915017f325503e3711115aa25611d074715a8c51746b5a8759
SHA512

fa461d1812d5eb042ab560cf54bc5ad0ac32a6777d1a4aaeef4af23d3c934b7502fb3013a92861410e0e674b26a6000e15a71a1402fafc69eb8396b9aeb41b8b
SSDEEP

12288:LRs1v1bVObHH9IiTCtvn9nAn/NogiLxC4pSD2DrbbTGr7s64ihYEPr:G1Ngz9ItZ9nA/NQooSD8fO0uhvPr

Score

7^/10

Malware Config

Targets

- Target
  
  15c962864d8f8572fd4da10e811feca4
- Size
  
  483KB
- MD5
  
  15c962864d8f8572fd4da10e811feca4
- SHA1
  
  10ba2b23fd1482b041351289e457c5f4eeb6579f
- SHA256
  
  25292478e07fa1915017f325503e3711115aa25611d074715a8c51746b5a8759
- SHA512
  
  fa461d1812d5eb042ab560cf54bc5ad0ac32a6777d1a4aaeef4af23d3c934b7502fb3013a92861410e0e674b26a6000e15a71a1402fafc69eb8396b9aeb41b8b
- SSDEEP
  
  12288:LRs1v1bVObHH9IiTCtvn9nAn/NogiLxC4pSD2DrbbTGr7s64ihYEPr:G1Ngz9ItZ9nA/NQooSD8fO0uhvPr
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2