449ab2be3e637a7dae99277baeaa57a8377efaaad2ce9aa3a2929d2b41e9aee0 | Triage

Sharing

General

Target

c1456a4201af72f786f37204a50765cf
Size

506KB
Sample

240311-wveamaac7z
MD5

c1456a4201af72f786f37204a50765cf
SHA1

84e4019d24da14e3a9ac8fc5edb4d711d6c32c6b
SHA256

449ab2be3e637a7dae99277baeaa57a8377efaaad2ce9aa3a2929d2b41e9aee0
SHA512

779e4c293b25e1b7d13fc32344621c8ac3cb79e09b8f4e633f63dd3af2543c38b8561ee8e7fe5672ac65f2e1ea7f2b42178d7d31b902d2f7b69c9385111aa46e
SSDEEP

12288:8iAMvs0cntOGe5tZFmV5RueUHPxgFfrGIjL+gVm8kWM+KuG:8iAMzcLcZFmVbpAxoD9L+gU8kWMBuG

Score

7^/10

Malware Config

Targets

- Target
  
  c1456a4201af72f786f37204a50765cf
- Size
  
  506KB
- MD5
  
  c1456a4201af72f786f37204a50765cf
- SHA1
  
  84e4019d24da14e3a9ac8fc5edb4d711d6c32c6b
- SHA256
  
  449ab2be3e637a7dae99277baeaa57a8377efaaad2ce9aa3a2929d2b41e9aee0
- SHA512
  
  779e4c293b25e1b7d13fc32344621c8ac3cb79e09b8f4e633f63dd3af2543c38b8561ee8e7fe5672ac65f2e1ea7f2b42178d7d31b902d2f7b69c9385111aa46e
- SSDEEP
  
  12288:8iAMvs0cntOGe5tZFmV5RueUHPxgFfrGIjL+gVm8kWM+KuG:8iAMzcLcZFmVbpAxoD9L+gU8kWMBuG
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2