ec87108cd066e07a354326b976cbc7d3d6f0343902c7099c60a9799e13cc6f5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1663a3cf34ffbeebb286dd2a555ab378
Size

506KB
Sample

231230-mwlxescdeq
MD5

1663a3cf34ffbeebb286dd2a555ab378
SHA1

2e51f6b142d721b27bc225eef8964a5ad8ab1102
SHA256

ec87108cd066e07a354326b976cbc7d3d6f0343902c7099c60a9799e13cc6f5d
SHA512

1737d9b6c7e3b8105208c687779e71f369ae37985021f0a30e16f580f5e6e06963ef7a6f8258ca7c95caac4c30ad7138f0aebf46c9aa2f031cccc1b13dd9c2a0
SSDEEP

12288:NUwMIEg840QsokAcYUwMIEg840QsokAcYUwMIEg8NJFB951xtplhdZVRNJF951t5:zW4UB6jyXyyRHGaYPxLU

Score

7^/10

Malware Config

Targets

- Target
  
  1663a3cf34ffbeebb286dd2a555ab378
- Size
  
  506KB
- MD5
  
  1663a3cf34ffbeebb286dd2a555ab378
- SHA1
  
  2e51f6b142d721b27bc225eef8964a5ad8ab1102
- SHA256
  
  ec87108cd066e07a354326b976cbc7d3d6f0343902c7099c60a9799e13cc6f5d
- SHA512
  
  1737d9b6c7e3b8105208c687779e71f369ae37985021f0a30e16f580f5e6e06963ef7a6f8258ca7c95caac4c30ad7138f0aebf46c9aa2f031cccc1b13dd9c2a0
- SSDEEP
  
  12288:NUwMIEg840QsokAcYUwMIEg840QsokAcYUwMIEg8NJFB951xtplhdZVRNJF951t5:zW4UB6jyXyyRHGaYPxLU
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2