ba055170c9500ed57492e1f20f52977ffa781fc7ae85e57f1402048592089659 | Triage

Sharing

General

Target

3e093000540e08d82ce58fe9a463ada6
Size

1000KB
Sample

240101-2chszseca5
MD5

3e093000540e08d82ce58fe9a463ada6
SHA1

90682c674bac2bacf0c35cc1125570377e969cde
SHA256

ba055170c9500ed57492e1f20f52977ffa781fc7ae85e57f1402048592089659
SHA512

9879b4248745d57ee35030c754cb46d61834c793836bbe9bafce89bdc121b6b13538648a792fff7880a5939154941ccfef8c6451e23f63a9c23077c37b21cae7
SSDEEP

24576:/09GiKfK/1NNxdmnUCU1B+5vMiqt0gj2ed:MIQNxdmnTGqOL

Score

7^/10

Malware Config

Targets

- Target
  
  3e093000540e08d82ce58fe9a463ada6
- Size
  
  1000KB
- MD5
  
  3e093000540e08d82ce58fe9a463ada6
- SHA1
  
  90682c674bac2bacf0c35cc1125570377e969cde
- SHA256
  
  ba055170c9500ed57492e1f20f52977ffa781fc7ae85e57f1402048592089659
- SHA512
  
  9879b4248745d57ee35030c754cb46d61834c793836bbe9bafce89bdc121b6b13538648a792fff7880a5939154941ccfef8c6451e23f63a9c23077c37b21cae7
- SSDEEP
  
  24576:/09GiKfK/1NNxdmnUCU1B+5vMiqt0gj2ed:MIQNxdmnTGqOL
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2