283363e029ade7b5116eb2fac311f6e3a6907a7b97d6537fb6d951808656d346 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9b51cf88001f930837feeaf217f83c7
Size

771KB
Sample

240227-vpp99seg26
MD5

a9b51cf88001f930837feeaf217f83c7
SHA1

016aee310a3e95f1edf0d7b1776cb67047cdd57e
SHA256

283363e029ade7b5116eb2fac311f6e3a6907a7b97d6537fb6d951808656d346
SHA512

7598ce00b003989bbfef1d8da13a038e848a23c1a3ca125020dbb2831f20dbca1db3ecd8e014bc67afb8527dd88839d0f2d024766a2a6c93eac5e49a3c0f94ac
SSDEEP

12288:3lwdujGiPIgf3jAlxKYWFHeQmAfUpMIzxRUECaBwQ2tb5JLrnyl0:3lquj9/jAlxK/1BUpM0t1B+5vM0

Score

7^/10

Malware Config

Targets

- Target
  
  a9b51cf88001f930837feeaf217f83c7
- Size
  
  771KB
- MD5
  
  a9b51cf88001f930837feeaf217f83c7
- SHA1
  
  016aee310a3e95f1edf0d7b1776cb67047cdd57e
- SHA256
  
  283363e029ade7b5116eb2fac311f6e3a6907a7b97d6537fb6d951808656d346
- SHA512
  
  7598ce00b003989bbfef1d8da13a038e848a23c1a3ca125020dbb2831f20dbca1db3ecd8e014bc67afb8527dd88839d0f2d024766a2a6c93eac5e49a3c0f94ac
- SSDEEP
  
  12288:3lwdujGiPIgf3jAlxKYWFHeQmAfUpMIzxRUECaBwQ2tb5JLrnyl0:3lquj9/jAlxK/1BUpM0t1B+5vM0
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2