fff71b70310cac2460f312ba97dce43aef7a7d0851d4955e332fc895d680a390

Sharing

Copy URL Twitter E-mail

General

Target

serv.zip
Size

3.3MB
Sample

240224-ssmmfagc4w
MD5

1926f6e73c07f7d1c20663b8dcd5bfc2
SHA1

b138620736d0be56cfc482cf0215e642dbfe6c6a
SHA256

fff71b70310cac2460f312ba97dce43aef7a7d0851d4955e332fc895d680a390
SHA512

2742e2a1551925ed9fd32d239b48820a21b5c234282f4ddee0ab9c180483cc02e3f41267de404b000988b5947451d554b9c88b3a4b01e56492d8fd27ac899a5f
SSDEEP

98304:Kq3a5jjEPjKsYiBg8E7u/Q8ltmiGfbIPbcl6XJ4VsJZu:u5MKCgt6jtmBKr4V7

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  severe_1/severe/Instructions.txt
- Size
  
  937B
- MD5
  
  edea75e3df84ff1220e4cb8742e0cb43
- SHA1
  
  a340c6afed297af02900bf4d4bbe20ff287ca089
- SHA256
  
  6c211ae4095510b197a3a4cfa1ba187e2983792f83f1404f200c5d773f11cd9a
- SHA512
  
  807f3ec9ef1739f6e6fb3406d7b35266f9eea6f8cee527a8cd188fa3d763cb3a2827d760705390f13c5a0b992b402d7b1705b45645a4a593977512126de170e9
Score

3^/10
behavioral1 behavioral2
- Target
  
  severe_1/severe/dependencies/build.dll
- Size
  
  5.0MB
- MD5
  
  720a4d11b022679a65a923b727987bcd
- SHA1
  
  1960cd277a63dab5c8c774e21cf03bfe4b444de0
- SHA256
  
  0165c8a4c7c61c8f708914a0a67d58cc33ed5a8a81eee516642cef379e03884c
- SHA512
  
  ea8dcd548b17aeb3b08a5704dd0135cf88db32f3dddba00f54d74eace18a514dd7d464499c73f3469f738fa6749ceb798f8237344c09117861f821c4b940ae20
- SSDEEP
  
  98304:coaSlmNnZHw9qJyQELYuPeRiqC8hJtULYq:nRmjw5QELYMYiJ8nur
Score

1^/10
behavioral3 behavioral4
- Target
  
  severe_1/severe/md._syn/map.exe
- Size
  
  249KB
- MD5
  
  69cd3955c5a405d8c09a18e0bb270833
- SHA1
  
  99dde6575d012307b0e73af6333a89f3940a2a3f
- SHA256
  
  d0e7be944bebd1b5f7f99061083d6cf9e9feb688713184741b24a79af9dc260b
- SHA512
  
  b60e888cbb4134f57f7b15f455bb53b9d7f4fa4b9fa1c276a64f4cad5b88783d5fcd75a465109cf968418265b01fdca9a0f2d679405f2f92f08260cddab8bb9d
- SSDEEP
  
  6144:lrZ/eDy9gNzl9Xx4qbTsPsEJtOGTxnTR:lF/eDy9ol9XqqXsUEJ5
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral5 behavioral6
- Target
  
  severe_1/severe/software.exe
- Size
  
  290KB
- MD5
  
  0fdf86712b07b8568aaae81f505e9d54
- SHA1
  
  494fd0668d5f68bd2cf50c0d5d0d83faff49645e
- SHA256
  
  d3a080343f8c365724a55a0a0e7f9c0e85c69b3559a524b6c449232e63954bbf
- SHA512
  
  860b1ab6c3e0bb40404ecf91ae38179bc2adc2b6477348ade661d6cb4b6ca367a6c9806528e82962d62ca401fdee374d5f15b13e864a16fd03023c8bd9de1ae8
- SSDEEP
  
  6144:we4j+ZP8pFb7nMyKphq+pcsrRe5+gmCI5QeAg:z4RnnMyKb9Ssro+nt
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  severe_1/severe/spoof/roblox not opening, read this!.rtf
- Size
  
  451B
- MD5
  
  244a0bd1b8c0f53c98ef6bf0e71a5dae
- SHA1
  
  f08dbaf69999d9d255cd759cf2eb38ee96f42ab1
- SHA256
  
  d118ede049b8bf7f1c6f1ed894968aae7ba728ff24e65b0728cb18af0ef5106f
- SHA512
  
  46181110d3c9ed909af5bc247417b6b6c090d329cd1dd09b091f935c682fd496c0e7eb548e13b4146b0be710f2b9fde157212509240a81532f80eaab03a4d3b9
Score

1^/10
behavioral10 behavioral9
- Target
  
  severe_1/severe/spoof/spoof.exe
- Size
  
  1.6MB
- MD5
  
  f7fc7000fecaab389d7bc2c5cf42df64
- SHA1
  
  71454e38b067a59866be4efcc1af698371cfb0f4
- SHA256
  
  f39c0f268730f4529a5d1d28af7ccbd1ef3d9e132c67bcdf808ac78acc2dddcf
- SHA512
  
  de36e6c15bf10e5ed69d39fc4f5e4c4128bcad7fe8fab403622cbb969a80da59213f133d797c87425ae7651d4f3a749a16bac36e44aeb4d62ecfb7fae3e52d4b
- SSDEEP
  
  24576:PiOm0tuHBEwdjEaZJVamphU9hDe/1Cdc0LQgTjCQyQwodrtDTHf66bmIHYV6O:PiNVxdjEabpGD8bE5yQwodrtDT/lK6O
Score

1^/10
behavioral11 behavioral12
- Target
  
  severe_1/severe/spoof/~$blox not opening, read this!.rtf
- Size
  
  162B
- MD5
  
  306d335e6b19cbe44eef21b7eb7cf36d
- SHA1
  
  8126d4ea7670d9560a123014e88914f1476ad67d
- SHA256
  
  9316b34c86afc8b8b34490e2789c8d8f0bce621ac9c8921fab8e3aa92beb740c
- SHA512
  
  bcbd855dbef669ea85e2089723349c2ca7b9fb14213b10bb3aef4139f19f07322aadc69b86a682856e74fda1098a0d0135c578c8bd3942dd6435216d77cc074f
Score

1^/10
behavioral13 behavioral14
- Target
  
  severe_1/severe/updater.dll
- Size
  
  15KB
- MD5
  
  bcbfa2290d69c0a580883babfc11a8e5
- SHA1
  
  a06e7fd14cf2ea5c08fe2d90d8a45d4363eb1521
- SHA256
  
  f30af7cee1dce6797955cc78e27f547ef6b79a90ea158f0653f107c2bd69cd6c
- SHA512
  
  db99a287bf1d1f22adf626f06a75af738772adc9f9a78d5bdf33cb3a50d237dca2cb7ee1e57dde740912f0ec917c6d51765badabe33ce574e08592f34ac4992e
- SSDEEP
  
  192:LEpEpFyPeyAcgBvSEASjjU3MrsX252QWlevNTg0G1jlQnst:LEKpFyWy/gBql0jU3/XWoIVkhQns
Score

1^/10
behavioral15 behavioral16
- Target
  
  severe_1/severe/updater.exe
- Size
  
  150KB
- MD5
  
  34599858dde506897c5ea7fe0730bbed
- SHA1
  
  74c4c58ca9e57a5888b368ed74a991a72e685ee2
- SHA256
  
  72227470d5b299fb673de6be2c3771134bdfad20df51f6ec7366b0ecddd38468
- SHA512
  
  344dd45c60e2b4dc3019acf40f8e35114dfa32f46160ee223349cad83defd3966972b8215c8e01b526f481c4fa19d4803c74b407ffaf8d2bbdcd1ca8be312703
- SSDEEP
  
  3072:sczkitvo4BpYN/6mBPry8TXROLdW5m4mURQ9OOGL0kyu:sA4NCmBPry/N2cOOGE
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets service image path in registry

Legitimate hosting services abused for malware hosting/C2

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18