980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b | Triage

Submit
Reports

Overview

overview

9

Static

static

3

980d9b1ed0...8b.exe

windows7-x64

9

980d9b1ed0...8b.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b
Size

482KB
Sample

240305-274nyadc44
MD5

228bbbc086fec440340d6880230d7149
SHA1

c85f0310a666a5a142a4b32a51a7580961381d91
SHA256

980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b
SHA512

c6e25b9cb8b253853e73a7cd46424e0bb5e0e7f8a93c4c79862e4aff4b165c77a3ebcc308bfdd87c89fb2ce1b19489e0280318f80ef671125b188eb735271b51
SSDEEP

12288:hniMDUlLG4gczO4qsDX15fvSB3nds6lofIdxtcezZ+JdP+NIUyKVWP33pUfFH:huSB3ndX71jNzyKIPHpQH

Score

9^/10

persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b.exe

Resource

win7-20240221-en

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b
- Size
  
  482KB
- MD5
  
  228bbbc086fec440340d6880230d7149
- SHA1
  
  c85f0310a666a5a142a4b32a51a7580961381d91
- SHA256
  
  980d9b1ed07508c2fdb239f770122251dd4aecf7b05a7f0f55efab691d5d248b
- SHA512
  
  c6e25b9cb8b253853e73a7cd46424e0bb5e0e7f8a93c4c79862e4aff4b165c77a3ebcc308bfdd87c89fb2ce1b19489e0280318f80ef671125b188eb735271b51
- SSDEEP
  
  12288:hniMDUlLG4gczO4qsDX15fvSB3nds6lofIdxtcezZ+JdP+NIUyKVWP33pUfFH:huSB3ndX71jNzyKIPHpQH
Score

9^/10

persistence
- Detects executables (downlaoders) containing URLs to raw contents of a paste
- Detects executables referencing many IR and analysis tools
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy