92973c866e4841452b00d674d127c06eb094d6edb403426311799ed41d3b3a26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

649518268948a177ce2caccf89aba11d
Size

506KB
Sample

240118-f457pseba5
MD5

649518268948a177ce2caccf89aba11d
SHA1

536805fbedfecc54fbcdcbd5420cf6d3202552de
SHA256

92973c866e4841452b00d674d127c06eb094d6edb403426311799ed41d3b3a26
SHA512

8196caeade10759a2767709abeea08b5b6731d76f5a54aadc3c1b086f9729263b1c1457f6455e74504a086910aed682bafcb389be216bcf8eb8dd34228b55123
SSDEEP

12288:WfqJjumG9fUl9mzvAH1g0BVX2dZUeCSIwfJuqS0fs:Wfq8HaVpyZT4wf8gs

Score

7^/10

Malware Config

Targets

- Target
  
  649518268948a177ce2caccf89aba11d
- Size
  
  506KB
- MD5
  
  649518268948a177ce2caccf89aba11d
- SHA1
  
  536805fbedfecc54fbcdcbd5420cf6d3202552de
- SHA256
  
  92973c866e4841452b00d674d127c06eb094d6edb403426311799ed41d3b3a26
- SHA512
  
  8196caeade10759a2767709abeea08b5b6731d76f5a54aadc3c1b086f9729263b1c1457f6455e74504a086910aed682bafcb389be216bcf8eb8dd34228b55123
- SSDEEP
  
  12288:WfqJjumG9fUl9mzvAH1g0BVX2dZUeCSIwfJuqS0fs:Wfq8HaVpyZT4wf8gs
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2