aa1e091ba7093eed268e23a0c7775dc9893cafb5acff83c0a188f1729d6b8a1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2267bde80ee14b7c583a9682351fe71c
Size

506KB
Sample

231231-bbxyeaahep
MD5

2267bde80ee14b7c583a9682351fe71c
SHA1

074cfea4e07c392ae0c269ca9f805e26acdc9f31
SHA256

aa1e091ba7093eed268e23a0c7775dc9893cafb5acff83c0a188f1729d6b8a1e
SHA512

0e9142f845bf74a7c751809ac2b8c6fbd7bcb896245321bcfea5300dd85335899dd3aeea84406a3f21d1acf8769ebcd7ec7830f676070e6e5dd4e842f1ad2e84
SSDEEP

12288:+5D6yMvKy7/Yfcft9KmWQe4zwBHzAD5nvbO3XzD6fvi7/s1MnhJ8:+VjcWmWQe/kpvy3DAi701MnhJ8

Score

7^/10

Malware Config

Targets

- Target
  
  2267bde80ee14b7c583a9682351fe71c
- Size
  
  506KB
- MD5
  
  2267bde80ee14b7c583a9682351fe71c
- SHA1
  
  074cfea4e07c392ae0c269ca9f805e26acdc9f31
- SHA256
  
  aa1e091ba7093eed268e23a0c7775dc9893cafb5acff83c0a188f1729d6b8a1e
- SHA512
  
  0e9142f845bf74a7c751809ac2b8c6fbd7bcb896245321bcfea5300dd85335899dd3aeea84406a3f21d1acf8769ebcd7ec7830f676070e6e5dd4e842f1ad2e84
- SSDEEP
  
  12288:+5D6yMvKy7/Yfcft9KmWQe4zwBHzAD5nvbO3XzD6fvi7/s1MnhJ8:+VjcWmWQe/kpvy3DAi701MnhJ8
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2