Overview

overview

9

Static

static

3

6ffdead52c...c5.exe

windows7-x64

7

6ffdead52c...c5.exe

windows10-1703-x64

8

6ffdead52c...c5.exe

windows10-2004-x64

9

6ffdead52c...c5.exe

windows11-21h2-x64

8

Resubmissions

11-04-2024 07:29

240411-jbfccsef62 10

11-04-2024 07:28

240411-jaw9gshg4y 9

11-04-2024 07:28

240411-jawmysef47 10

11-04-2024 07:28

240411-jawb7aef46 8

11-04-2024 07:28

240411-jav2esef45 7

07-04-2024 09:04

240407-k11v2ahh64 7

07-04-2024 09:04

240407-k1s57ahe5z 10

07-04-2024 09:03

240407-k1d19she41 10

07-04-2024 09:03

240407-kz78qahe4v 8

18-12-2023 04:55

231218-fj6bzaadg5 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ffdead52c68fdafb9fb7e5f0b2e4fc806e56f1a3126bad04194cba602dd92c5

  • Size

    1.9MB

  • Sample

    240411-jaw9gshg4y

  • MD5

    001f6aefa850c575018eaa792a0ebbc5

  • SHA1

    69a44211fda244815a6f7b4480dada97f7778fe0

  • SHA256

    6ffdead52c68fdafb9fb7e5f0b2e4fc806e56f1a3126bad04194cba602dd92c5

  • SHA512

    24eeb6d51b6d3d2988e4eb39a0c0580013d7a3a1711d0d512a233c5a5ca1f5bb4d28b3e39e0e18990d83f592c3550e13cb905b7573c013155867b7221b9997d5

  • SSDEEP

    24576:Z0ZIVjFxbxJMgQ5DIiJ1KxwflAbWgj8RuFwTXJsK63Ct6ij0V+uYzjy2QhL8Gbge:CC9pagQFIE1KbkYF+X70V+hy7hAI1U

Score
9/10
discoverymotwpersistencephishingupx

Malware Config

Targets

    • Target

      6ffdead52c68fdafb9fb7e5f0b2e4fc806e56f1a3126bad04194cba602dd92c5

    • Size

      1.9MB

    • MD5

      001f6aefa850c575018eaa792a0ebbc5

    • SHA1

      69a44211fda244815a6f7b4480dada97f7778fe0

    • SHA256

      6ffdead52c68fdafb9fb7e5f0b2e4fc806e56f1a3126bad04194cba602dd92c5

    • SHA512

      24eeb6d51b6d3d2988e4eb39a0c0580013d7a3a1711d0d512a233c5a5ca1f5bb4d28b3e39e0e18990d83f592c3550e13cb905b7573c013155867b7221b9997d5

    • SSDEEP

      24576:Z0ZIVjFxbxJMgQ5DIiJ1KxwflAbWgj8RuFwTXJsK63Ct6ij0V+uYzjy2QhL8Gbge:CC9pagQFIE1KbkYF+X70V+hy7hAI1U

    Score
    9/10
    discoverypersistenceupxmotwphishing

    • Contacts a large (1443) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

2
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks