186d912f7996e74a22df25b3f55d8b4d45676996f4d9c5fb8b4d3c8b1fb84426 | Triage

Sharing

General

Target

c1c84226d5b94ea90d7930cf7ea36978
Size

506KB
Sample

240311-2kdt1agd81
MD5

c1c84226d5b94ea90d7930cf7ea36978
SHA1

4f98885758753f49b362686340d4d50744c1d3b1
SHA256

186d912f7996e74a22df25b3f55d8b4d45676996f4d9c5fb8b4d3c8b1fb84426
SHA512

fce4a1fc0abf2618e8e0078f30885a66b8279305967ff617d0f0f547d74ffebceae49ec957acb8f70a201cb00ac273da4ac09c760c184a2bf3925a5c1d9c1bcf
SSDEEP

12288:2mu2wXXCPJwdQwEQDQ6hFqf48l2SLaN9ak8/DddKxih9:8CRwGy86hFqfxrmNKfiih9

Score

7^/10

Malware Config

Targets

- Target
  
  c1c84226d5b94ea90d7930cf7ea36978
- Size
  
  506KB
- MD5
  
  c1c84226d5b94ea90d7930cf7ea36978
- SHA1
  
  4f98885758753f49b362686340d4d50744c1d3b1
- SHA256
  
  186d912f7996e74a22df25b3f55d8b4d45676996f4d9c5fb8b4d3c8b1fb84426
- SHA512
  
  fce4a1fc0abf2618e8e0078f30885a66b8279305967ff617d0f0f547d74ffebceae49ec957acb8f70a201cb00ac273da4ac09c760c184a2bf3925a5c1d9c1bcf
- SSDEEP
  
  12288:2mu2wXXCPJwdQwEQDQ6hFqf48l2SLaN9ak8/DddKxih9:8CRwGy86hFqfxrmNKfiih9
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2