97f9a98bad32d0059594f938b6f3328f7baee90d71a6e50f20896ad00af4579a | Triage

Sharing

General

Target

8f2292e72a784800d35d2130cd852b4b
Size

506KB
Sample

240204-pg6z6abcfq
MD5

8f2292e72a784800d35d2130cd852b4b
SHA1

a87899d15d813ea4fb4ebe46ad7e23e0ce36d6fa
SHA256

97f9a98bad32d0059594f938b6f3328f7baee90d71a6e50f20896ad00af4579a
SHA512

c3e55826d3170700e5c8e7d6ece6e9206521956152512f97895638d412d8bb6c2b434a85e388522c8e6cbbb0315b7f72c1936841c707e36c2a5a9ff74dc86cf0
SSDEEP

12288:eyBKi0gXVW5Ay7NRD1uCPolj7xDOhvackLAXMAZlmHkTe+tXcsm3I3dcUh:eyBKiFE5nXhPC7xyCDMXMAZlmHkTe+tF

Score

7^/10

Malware Config

Targets

- Target
  
  8f2292e72a784800d35d2130cd852b4b
- Size
  
  506KB
- MD5
  
  8f2292e72a784800d35d2130cd852b4b
- SHA1
  
  a87899d15d813ea4fb4ebe46ad7e23e0ce36d6fa
- SHA256
  
  97f9a98bad32d0059594f938b6f3328f7baee90d71a6e50f20896ad00af4579a
- SHA512
  
  c3e55826d3170700e5c8e7d6ece6e9206521956152512f97895638d412d8bb6c2b434a85e388522c8e6cbbb0315b7f72c1936841c707e36c2a5a9ff74dc86cf0
- SSDEEP
  
  12288:eyBKi0gXVW5Ay7NRD1uCPolj7xDOhvackLAXMAZlmHkTe+tXcsm3I3dcUh:eyBKiFE5nXhPC7xyCDMXMAZlmHkTe+tF
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2