6235aa520e5db578b4217ef64c934966f8bb3c51539bd35f7134cd64ddb8f75a | Triage

Sharing

General

Target

c2451d84ce1bc4ec0233b501533139cd
Size

771KB
Sample

240312-dcqa3aeb7z
MD5

c2451d84ce1bc4ec0233b501533139cd
SHA1

b4ec3f47be74b5b6def0f00223a2b3712159d3f4
SHA256

6235aa520e5db578b4217ef64c934966f8bb3c51539bd35f7134cd64ddb8f75a
SHA512

f8d0bccdefe2d71b7f84cec99ba03d844b7814b10a6ea596c0444d88a029769b84840fc130899e9c1557cf655712dbbb84ce30194bb8a8f69e2f41547fec6041
SSDEEP

12288:T1w3F5EbvebCU3NOLiNqF0BYvqK6pTyHzZsHH228lwI63ECaBwQ2tb5JLrnyl0:T6wvebzOiECsq5ke8lCU1B+5vM0

Score

7^/10

Malware Config

Targets

- Target
  
  c2451d84ce1bc4ec0233b501533139cd
- Size
  
  771KB
- MD5
  
  c2451d84ce1bc4ec0233b501533139cd
- SHA1
  
  b4ec3f47be74b5b6def0f00223a2b3712159d3f4
- SHA256
  
  6235aa520e5db578b4217ef64c934966f8bb3c51539bd35f7134cd64ddb8f75a
- SHA512
  
  f8d0bccdefe2d71b7f84cec99ba03d844b7814b10a6ea596c0444d88a029769b84840fc130899e9c1557cf655712dbbb84ce30194bb8a8f69e2f41547fec6041
- SSDEEP
  
  12288:T1w3F5EbvebCU3NOLiNqF0BYvqK6pTyHzZsHH228lwI63ECaBwQ2tb5JLrnyl0:T6wvebzOiECsq5ke8lCU1B+5vM0
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2