a1480e23bd2a89b188fb01138ef2f54130f2dc41ce85ff9319ab7f15471b0011

Target

a1480e23bd2a89b188fb01138ef2f54130f2dc41ce85ff9319ab7f15471b0011
Size

1.9MB
Sample

240409-hmbb4sgg95
MD5

151e9ec4f0355d2f131b871671bd5e20
SHA1

50992f712b281db70518e6d404084e26dcd98b98
SHA256

a1480e23bd2a89b188fb01138ef2f54130f2dc41ce85ff9319ab7f15471b0011
SHA512

18a2fa6e9c97281328de819126dccb6cc8576e11ea11a8faba629da58e724040427c7d941ce0f935948195c30da6d60a6873d7e3e9613eba7df42bde1a3aba1f
SSDEEP

49152:v1r2g+mLqqeaVjSeluJsslFHfjeKgHEaVjsKHzG:drz+OqjXeluJxlFHf6zHj

Score

8^/10

Malware Config

Targets

- Target
  
  a1480e23bd2a89b188fb01138ef2f54130f2dc41ce85ff9319ab7f15471b0011
- Size
  
  1.9MB
- MD5
  
  151e9ec4f0355d2f131b871671bd5e20
- SHA1
  
  50992f712b281db70518e6d404084e26dcd98b98
- SHA256
  
  a1480e23bd2a89b188fb01138ef2f54130f2dc41ce85ff9319ab7f15471b0011
- SHA512
  
  18a2fa6e9c97281328de819126dccb6cc8576e11ea11a8faba629da58e724040427c7d941ce0f935948195c30da6d60a6873d7e3e9613eba7df42bde1a3aba1f
- SSDEEP
  
  49152:v1r2g+mLqqeaVjSeluJsslFHfjeKgHEaVjsKHzG:drz+OqjXeluJxlFHf6zHj
Score

8^/10

discovery persistence upx
- Contacts a large (826) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Contacts a large (826) amount of remote hosts

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4