02d4ced916af3219ebe7fb8de17ac18492c09a3dbe2eb59657f5c4173fc79226 | Triage

Sharing

General

Target

425674e7e01c5f53d8881b0a01979e99
Size

506KB
Sample

240105-a4c82affc9
MD5

425674e7e01c5f53d8881b0a01979e99
SHA1

80f1b5c2ffd7e566a1f28c4a5b23e1f8894b9322
SHA256

02d4ced916af3219ebe7fb8de17ac18492c09a3dbe2eb59657f5c4173fc79226
SHA512

0fd27b8c55393124ccbc1aae28d5639a69d8015da422c052f73c2007339d93a68588d8a328a8c8b073aa3a7b5b7c99b0e6d534a462658ad85c10d330140de0c0
SSDEEP

12288:8TUeV01SUfZMnltcKdUeE+CaUDR3fFYsVZMEml/qyT:8TrUBuzvKa6NtYsVZml/qyT

Score

7^/10

Malware Config

Targets

- Target
  
  425674e7e01c5f53d8881b0a01979e99
- Size
  
  506KB
- MD5
  
  425674e7e01c5f53d8881b0a01979e99
- SHA1
  
  80f1b5c2ffd7e566a1f28c4a5b23e1f8894b9322
- SHA256
  
  02d4ced916af3219ebe7fb8de17ac18492c09a3dbe2eb59657f5c4173fc79226
- SHA512
  
  0fd27b8c55393124ccbc1aae28d5639a69d8015da422c052f73c2007339d93a68588d8a328a8c8b073aa3a7b5b7c99b0e6d534a462658ad85c10d330140de0c0
- SSDEEP
  
  12288:8TUeV01SUfZMnltcKdUeE+CaUDR3fFYsVZMEml/qyT:8TrUBuzvKa6NtYsVZml/qyT
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2