3ee36d08d1975eb778cea851bbf7dc874e8062c2ff556d397100f860e64db917 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9712c1bfc5685be35f23eb286d75ab65
Size

1000KB
Sample

240212-nvrxqacc8z
MD5

9712c1bfc5685be35f23eb286d75ab65
SHA1

168d6ccec457f25863e77d5d6fa64539ae113c16
SHA256

3ee36d08d1975eb778cea851bbf7dc874e8062c2ff556d397100f860e64db917
SHA512

546f5ff4c3c27d6aa39a5972f53e1847168f8db6bb2f1f21dd7f48ad0a6ee4cae18152684dba5b61acdfd8783773840ec25fbc16b7332defcb231d6d1fc42f5e
SSDEEP

12288:SfomA0l7EJ+fRjScj/nwa8zvOUUfg2rN9qAeFQjBECaBwQ2tb5JLrnylUPqt0gHj:QwMjvwHzfUfzrtLji1B+5vMiqt0gj2ed

Score

7^/10

Malware Config

Targets

- Target
  
  9712c1bfc5685be35f23eb286d75ab65
- Size
  
  1000KB
- MD5
  
  9712c1bfc5685be35f23eb286d75ab65
- SHA1
  
  168d6ccec457f25863e77d5d6fa64539ae113c16
- SHA256
  
  3ee36d08d1975eb778cea851bbf7dc874e8062c2ff556d397100f860e64db917
- SHA512
  
  546f5ff4c3c27d6aa39a5972f53e1847168f8db6bb2f1f21dd7f48ad0a6ee4cae18152684dba5b61acdfd8783773840ec25fbc16b7332defcb231d6d1fc42f5e
- SSDEEP
  
  12288:SfomA0l7EJ+fRjScj/nwa8zvOUUfg2rN9qAeFQjBECaBwQ2tb5JLrnylUPqt0gHj:QwMjvwHzfUfzrtLji1B+5vMiqt0gj2ed
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2