49e1485339570f92d928eddcff9a461fc30b1416845e089ee69f5e32b230ef1e | Triage

Sharing

General

Target

bfef5ef9140d683f8ee637ae63fd3174
Size

506KB
Sample

240311-fxe2yada6v
MD5

bfef5ef9140d683f8ee637ae63fd3174
SHA1

311b60901c6859ef4f5a1d729c8fac36ac0ea7b0
SHA256

49e1485339570f92d928eddcff9a461fc30b1416845e089ee69f5e32b230ef1e
SHA512

16d657df84bd0743bb02571025abe1d43245382f6f0f2fc65f3031be0524a11b739b5b05c309e05b4142daeb8a0ed3356e136e25f090faf372366c6f5a063e81
SSDEEP

12288:P8LODpfAKmxrnUBQEkvkluOKWNGGH6m8kBelg/qXNYUU0+I+yRUAezzCSQL:PggANxrnulkvkl9/NGMcLH+Il6lCSU

Score

7^/10

Malware Config

Targets

- Target
  
  bfef5ef9140d683f8ee637ae63fd3174
- Size
  
  506KB
- MD5
  
  bfef5ef9140d683f8ee637ae63fd3174
- SHA1
  
  311b60901c6859ef4f5a1d729c8fac36ac0ea7b0
- SHA256
  
  49e1485339570f92d928eddcff9a461fc30b1416845e089ee69f5e32b230ef1e
- SHA512
  
  16d657df84bd0743bb02571025abe1d43245382f6f0f2fc65f3031be0524a11b739b5b05c309e05b4142daeb8a0ed3356e136e25f090faf372366c6f5a063e81
- SSDEEP
  
  12288:P8LODpfAKmxrnUBQEkvkluOKWNGGH6m8kBelg/qXNYUU0+I+yRUAezzCSQL:PggANxrnulkvkl9/NGMcLH+Il6lCSU
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2