a956148d2270ef056d8b818e2514c01ceb9a6b19799003644368ac7199d7458c | Triage

Sharing

General

Target

41154c35a65899bc18b7eeb3073b76ce
Size

506KB
Sample

240104-rlt79shgan
MD5

41154c35a65899bc18b7eeb3073b76ce
SHA1

c6f6f37885cf55bd61cc88b8ac6f273ee1693e1f
SHA256

a956148d2270ef056d8b818e2514c01ceb9a6b19799003644368ac7199d7458c
SHA512

c3a5efe149b4c712db51d65c47f62627907925e7d53401e3c6f9f53ba94b5ef2c123408b91936456864782d8327e04dfdc619f9301200bc41544911397741a24
SSDEEP

12288:R+yvRP6Stc5GfVH+mrzwhvuE3uINVoi3xio:AyJPxc5GVHlIvN3uIf3P

Score

7^/10

Malware Config

Targets

- Target
  
  41154c35a65899bc18b7eeb3073b76ce
- Size
  
  506KB
- MD5
  
  41154c35a65899bc18b7eeb3073b76ce
- SHA1
  
  c6f6f37885cf55bd61cc88b8ac6f273ee1693e1f
- SHA256
  
  a956148d2270ef056d8b818e2514c01ceb9a6b19799003644368ac7199d7458c
- SHA512
  
  c3a5efe149b4c712db51d65c47f62627907925e7d53401e3c6f9f53ba94b5ef2c123408b91936456864782d8327e04dfdc619f9301200bc41544911397741a24
- SSDEEP
  
  12288:R+yvRP6Stc5GfVH+mrzwhvuE3uINVoi3xio:AyJPxc5GVHlIvN3uIf3P
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2