e67e141f56c898633d7a9f4920270d19dcfa1f890a1e138f91a5ec5667167e7a | Triage

Resubmissions

10-03-2024 16:48

240310-vbf5fagg3w 8

10-03-2024 16:47

240310-vanswsge23 10

Sharing

General

Target

wCq1RxwL.rar
Size

2.2MB
Sample

240310-vbf5fagg3w
MD5

60a5bb7e4515f7d85ee04f62e61291e6
SHA1

7fcdd6c0a18493ac1c7cb81a218f6008862f0942
SHA256

e67e141f56c898633d7a9f4920270d19dcfa1f890a1e138f91a5ec5667167e7a
SHA512

4b05ef2ea969fb2aeb3e4841d934740a5b1e4fa6dff246a778e66b13866f5dc36c56d1bed302afb98322c5e43494be2f9d0709acd78460dda0ff213418383672
SSDEEP

49152:j69I4hnhshOSD4ezr6avnGSnXrtTIpsTpgpxFU94sgD4hyh4:snh6Oq4ezr6a1rtlTp4/vaI4

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  o_0/cheeto.exe
- Size
  
  2.7MB
- MD5
  
  f6605997c91549e4186fb4d0034c66e4
- SHA1
  
  4d4fe16b3c8631031c705c80d533e7985746268e
- SHA256
  
  1f380cbfc19c54d243e0e970ddbbb0f448f26ac7c2eef81d1d3ede19cf41a9a6
- SHA512
  
  86aea69c8f65912922da5b9347d6031a666cb083bfc3935d92a16a007ba2598bd3516dd7658c73e230a1cf8ec2d995ba3cfdbbe1c4e25d62dd7a6cd83909663c
- SSDEEP
  
  49152:qjgoMlcWYfUFkMpWMONs8cWr2HQ/kLvPlbhVypjalf:kGlcNfekMpWM4c+2Hok7VypWlf
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence