1a5ae6ade204b8938f75c0de544cd29800466e5f217689c5154cba1f779784bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

57279e3e920a97e8f5bd8c5d87e620e0
Size

506KB
Sample

240112-wvcrssdahp
MD5

57279e3e920a97e8f5bd8c5d87e620e0
SHA1

13c4f200be0e82649d65c2beb5e277863e0d7c00
SHA256

1a5ae6ade204b8938f75c0de544cd29800466e5f217689c5154cba1f779784bd
SHA512

57dd51d2149af9f7cf6659c3d87223e03dbd27e37250e0528cc2b64edfdec4f3e5b4a452fb6db82dfa2ad0051809c329e48026c107ad49c62642d4aaf3249875
SSDEEP

12288:4TKi/zRbB6NL9vsDLCXX7OvVacooR+63LBg:4TKERENhiL0XyvVaOfS

Score

7^/10

Malware Config

Targets

- Target
  
  57279e3e920a97e8f5bd8c5d87e620e0
- Size
  
  506KB
- MD5
  
  57279e3e920a97e8f5bd8c5d87e620e0
- SHA1
  
  13c4f200be0e82649d65c2beb5e277863e0d7c00
- SHA256
  
  1a5ae6ade204b8938f75c0de544cd29800466e5f217689c5154cba1f779784bd
- SHA512
  
  57dd51d2149af9f7cf6659c3d87223e03dbd27e37250e0528cc2b64edfdec4f3e5b4a452fb6db82dfa2ad0051809c329e48026c107ad49c62642d4aaf3249875
- SSDEEP
  
  12288:4TKi/zRbB6NL9vsDLCXX7OvVacooR+63LBg:4TKERENhiL0XyvVaOfS
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2