5848719114199ccfb664315ffba0d8c8715a0761646ed6daf2108b5f3028bfe3 | Triage

Sharing

General

Target

2525b0f3a69a183eb2d609bb7aeb5b6e
Size

1000KB
Sample

231231-dbf11abbbm
MD5

2525b0f3a69a183eb2d609bb7aeb5b6e
SHA1

5334ff947ddf8a36c9fbf0d9c5a2bf97ecc34fbb
SHA256

5848719114199ccfb664315ffba0d8c8715a0761646ed6daf2108b5f3028bfe3
SHA512

07932cc496473e009b1d80280ca88c06431a92fc35d87a298432decf9e97396f1674d42a4ed4fc22eb570eb5d4f08e0bcd72adbac81af977177448a56b2f3f60
SSDEEP

12288:nOY+AA+FcNigV9JAJ+QsYoAKQUehhtTCWc0QEF8avECaBwQ2tb5JLrnylUPqt0gD:nRLAvDCJ+YlHT7c0y1B+5vMiqt0gj2ed

Score

7^/10

Malware Config

Targets

- Target
  
  2525b0f3a69a183eb2d609bb7aeb5b6e
- Size
  
  1000KB
- MD5
  
  2525b0f3a69a183eb2d609bb7aeb5b6e
- SHA1
  
  5334ff947ddf8a36c9fbf0d9c5a2bf97ecc34fbb
- SHA256
  
  5848719114199ccfb664315ffba0d8c8715a0761646ed6daf2108b5f3028bfe3
- SHA512
  
  07932cc496473e009b1d80280ca88c06431a92fc35d87a298432decf9e97396f1674d42a4ed4fc22eb570eb5d4f08e0bcd72adbac81af977177448a56b2f3f60
- SSDEEP
  
  12288:nOY+AA+FcNigV9JAJ+QsYoAKQUehhtTCWc0QEF8avECaBwQ2tb5JLrnylUPqt0gD:nRLAvDCJ+YlHT7c0y1B+5vMiqt0gj2ed
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2