a5af9aba760e69befda532130833338af5a515c2d5fc75df3ceaebc21ef02848 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa1ffe979a62053f4bd0df54b69c2df2
Size

506KB
Sample

240227-zmn2msbd3z
MD5

aa1ffe979a62053f4bd0df54b69c2df2
SHA1

cec35a7d020228212213d0b44d54eadf99df5672
SHA256

a5af9aba760e69befda532130833338af5a515c2d5fc75df3ceaebc21ef02848
SHA512

7edf1f3a3d8813a72241830a1b8a5fbbb125e28cbc6525af2486cb61c0a15cf9f51c4d7f47561d6cfd2c426bb95c2d212835278023d6fbb92feda0c9970f9cfa
SSDEEP

12288:4HuLXPVyu76QxcIda/WKjSn3N5l/DHy6LwY:xwQxcIdAWG+hDH1LwY

Score

7^/10

Malware Config

Targets

- Target
  
  aa1ffe979a62053f4bd0df54b69c2df2
- Size
  
  506KB
- MD5
  
  aa1ffe979a62053f4bd0df54b69c2df2
- SHA1
  
  cec35a7d020228212213d0b44d54eadf99df5672
- SHA256
  
  a5af9aba760e69befda532130833338af5a515c2d5fc75df3ceaebc21ef02848
- SHA512
  
  7edf1f3a3d8813a72241830a1b8a5fbbb125e28cbc6525af2486cb61c0a15cf9f51c4d7f47561d6cfd2c426bb95c2d212835278023d6fbb92feda0c9970f9cfa
- SSDEEP
  
  12288:4HuLXPVyu76QxcIda/WKjSn3N5l/DHy6LwY:xwQxcIdAWG+hDH1LwY
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2