bddbe4d41a3b18d4ffd7ddc2d6cf6bc733df3d12609404660d388400be4ba6ed | Triage

Sharing

General

Target

8ce69e39addebe3d8f6d287887ddfd52
Size

506KB
Sample

240203-vwas6aggbl
MD5

8ce69e39addebe3d8f6d287887ddfd52
SHA1

b4fb6a2d0e046e3a04c39e39d1476e76f30fe0c5
SHA256

bddbe4d41a3b18d4ffd7ddc2d6cf6bc733df3d12609404660d388400be4ba6ed
SHA512

2f7f074b443c4fb9d5012a8d2d438e0ed23216536a4e1fce014406a6119582f21f3bb9bb392965b9e6a27a1c4786497cf1cf979161a3c7090d82c70c754c661d
SSDEEP

12288:vWA8dBO5uhR0yNttMsgxi/VIjI+8OADKZXfp8Fl4L/1Dl:vWA8dKuYyDtZ050dcOlaDl

Score

7^/10

Malware Config

Targets

- Target
  
  8ce69e39addebe3d8f6d287887ddfd52
- Size
  
  506KB
- MD5
  
  8ce69e39addebe3d8f6d287887ddfd52
- SHA1
  
  b4fb6a2d0e046e3a04c39e39d1476e76f30fe0c5
- SHA256
  
  bddbe4d41a3b18d4ffd7ddc2d6cf6bc733df3d12609404660d388400be4ba6ed
- SHA512
  
  2f7f074b443c4fb9d5012a8d2d438e0ed23216536a4e1fce014406a6119582f21f3bb9bb392965b9e6a27a1c4786497cf1cf979161a3c7090d82c70c754c661d
- SSDEEP
  
  12288:vWA8dBO5uhR0yNttMsgxi/VIjI+8OADKZXfp8Fl4L/1Dl:vWA8dKuYyDtZ050dcOlaDl
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2