bb2b6c3351c5434f39d97ae64404dd3530355d6e246614f3edddd4c36f996d13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5803282309361e89a4160f6b21619b80
Size

506KB
Sample

240113-fcmahschd8
MD5

5803282309361e89a4160f6b21619b80
SHA1

ae554eaca14ad325e0768e93919e1091b4811606
SHA256

bb2b6c3351c5434f39d97ae64404dd3530355d6e246614f3edddd4c36f996d13
SHA512

4484c9fc4b3ed599768204ea7d08250aa9ac9aab7eec1c4aef569ae69d2f8dce7f0a1f1c139c32ee4403d0ed49e0ae6714852f284c05847341f4291c7a87394d
SSDEEP

12288:8Z7vk61QKjEAt3lSY3OCnq6rKj2iY3iJJatqMEX87TqtDQ+:8Z7L7vIMOmq6GjzY3nsM6CTq1h

Score

7^/10

Malware Config

Targets

- Target
  
  5803282309361e89a4160f6b21619b80
- Size
  
  506KB
- MD5
  
  5803282309361e89a4160f6b21619b80
- SHA1
  
  ae554eaca14ad325e0768e93919e1091b4811606
- SHA256
  
  bb2b6c3351c5434f39d97ae64404dd3530355d6e246614f3edddd4c36f996d13
- SHA512
  
  4484c9fc4b3ed599768204ea7d08250aa9ac9aab7eec1c4aef569ae69d2f8dce7f0a1f1c139c32ee4403d0ed49e0ae6714852f284c05847341f4291c7a87394d
- SSDEEP
  
  12288:8Z7vk61QKjEAt3lSY3OCnq6rKj2iY3iJJatqMEX87TqtDQ+:8Z7L7vIMOmq6GjzY3nsM6CTq1h
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2