307e2b4bc47e8e97fb7540f31a8c1d77262553415786bfacf42a0b642c7f2068 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

517781cef58e0628c22e72e35e6323b2
Size

506KB
Sample

240110-ypnm8agbg8
MD5

517781cef58e0628c22e72e35e6323b2
SHA1

f4e7b34e329a059aef419927a03dbdc9b356eb6c
SHA256

307e2b4bc47e8e97fb7540f31a8c1d77262553415786bfacf42a0b642c7f2068
SHA512

803fb52773af419abf36bd2d542561afa089056d16d83e10ae12ee37e9c40e935fcf4bdbaf9ad0cdeaa2aff1f888327890623fc3d7a0dd43f704db6519a0cafa
SSDEEP

12288:VB8HD97TZ6i2jUgGa+BRWZvPMCbBZFklSpZ:HGH6iV3BRMvPMCb5klSpZ

Score

7^/10

Malware Config

Targets

- Target
  
  517781cef58e0628c22e72e35e6323b2
- Size
  
  506KB
- MD5
  
  517781cef58e0628c22e72e35e6323b2
- SHA1
  
  f4e7b34e329a059aef419927a03dbdc9b356eb6c
- SHA256
  
  307e2b4bc47e8e97fb7540f31a8c1d77262553415786bfacf42a0b642c7f2068
- SHA512
  
  803fb52773af419abf36bd2d542561afa089056d16d83e10ae12ee37e9c40e935fcf4bdbaf9ad0cdeaa2aff1f888327890623fc3d7a0dd43f704db6519a0cafa
- SSDEEP
  
  12288:VB8HD97TZ6i2jUgGa+BRWZvPMCbBZFklSpZ:HGH6iV3BRMvPMCb5klSpZ
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2