efd4294e5c0c63734549b99acf4497a713ca225670af297d14a1eeb5a8858c97 | Triage

Sharing

General

Target

RCO.exe
Size

215KB
Sample

240211-nfk6maff2y
MD5

855687fbdb46e1fb4a0fbb6fa73bead6
SHA1

5e97ea3cb81d57a462ff99f0e4dc7ede1da4ff0e
SHA256

efd4294e5c0c63734549b99acf4497a713ca225670af297d14a1eeb5a8858c97
SHA512

99f4eb50b3f68500776a85be57cf5b4f5644cc560eb51c9598a11075de04332e47f35691b12cd6da282cc6ea2d8290c29aef72718f37e5e1aeb95f8a33d6790a
SSDEEP

6144:MBlkZvaF4NTBNw7zzALBp7VMfct/hSKUKq438e7Qo/:MoSWNTjezALPtt/Bj38eh/

Score

8^/10

Malware Config

Targets

- Target
  
  RCO.exe
- Size
  
  215KB
- MD5
  
  855687fbdb46e1fb4a0fbb6fa73bead6
- SHA1
  
  5e97ea3cb81d57a462ff99f0e4dc7ede1da4ff0e
- SHA256
  
  efd4294e5c0c63734549b99acf4497a713ca225670af297d14a1eeb5a8858c97
- SHA512
  
  99f4eb50b3f68500776a85be57cf5b4f5644cc560eb51c9598a11075de04332e47f35691b12cd6da282cc6ea2d8290c29aef72718f37e5e1aeb95f8a33d6790a
- SSDEEP
  
  6144:MBlkZvaF4NTBNw7zzALBp7VMfct/hSKUKq438e7Qo/:MoSWNTjezALPtt/Bj38eh/
Score

8^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1