4fd2f26df9d5f0fdde23e6d95b335fd7ce13f7ccb609d596f06047d9520956c3 | Triage

Sharing

General

Target

bad7b7a3222f052bfd8ed7954104f06c
Size

506KB
Sample

240308-kvka4abb24
MD5

bad7b7a3222f052bfd8ed7954104f06c
SHA1

d5f4f24607fcbb259dcfe210f1da5129ace7d26d
SHA256

4fd2f26df9d5f0fdde23e6d95b335fd7ce13f7ccb609d596f06047d9520956c3
SHA512

c5962bfa93868d733a2992c5d5161c2bf56d9ffeacdf99cff5d61097d1cc5421996e84b71a443e67427f589a06aa991ec367d9b0a9cd19a90703c52d648cfda1
SSDEEP

12288:Pny1ndrmU1swNl+s/dIJt4yW1x3niTREbvoAwGLL2q0b:PytRmUpl7VIP4yWTgEbhx70b

Score

7^/10

Malware Config

Targets

- Target
  
  bad7b7a3222f052bfd8ed7954104f06c
- Size
  
  506KB
- MD5
  
  bad7b7a3222f052bfd8ed7954104f06c
- SHA1
  
  d5f4f24607fcbb259dcfe210f1da5129ace7d26d
- SHA256
  
  4fd2f26df9d5f0fdde23e6d95b335fd7ce13f7ccb609d596f06047d9520956c3
- SHA512
  
  c5962bfa93868d733a2992c5d5161c2bf56d9ffeacdf99cff5d61097d1cc5421996e84b71a443e67427f589a06aa991ec367d9b0a9cd19a90703c52d648cfda1
- SSDEEP
  
  12288:Pny1ndrmU1swNl+s/dIJt4yW1x3niTREbvoAwGLL2q0b:PytRmUpl7VIP4yWTgEbhx70b
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2