General
-
Target
sccvhost.exe
-
Size
40KB
-
Sample
240412-vrqc2scc55
-
MD5
b0031898d56e40acd184e475fac4452a
-
SHA1
2205d8183cc609a974c2bde8476d303cb280c9a5
-
SHA256
c52435aca4820212d60f1715d1a77ea8e5b69673bdbc1392b2441c0148a3e012
-
SHA512
8ff1800a975a1a97204f727d4db3a3f32fa0d9d688465fa9eebc3377926dc7f76420d32623f41977be1aa8fbf0bdccff83171fcba359a919ae85c72db9c1d059
-
SSDEEP
768:kBKLuVaHB2SZ93yrS3Y29WRskU9EIoz1QB6SYK1vrRjdFxY:kBKXerSInM9I1QozK1ljdFxY
Static task
static1
Behavioral task
behavioral1
Sample
sccvhost.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
sccvhost.exe
-
Size
40KB
-
MD5
b0031898d56e40acd184e475fac4452a
-
SHA1
2205d8183cc609a974c2bde8476d303cb280c9a5
-
SHA256
c52435aca4820212d60f1715d1a77ea8e5b69673bdbc1392b2441c0148a3e012
-
SHA512
8ff1800a975a1a97204f727d4db3a3f32fa0d9d688465fa9eebc3377926dc7f76420d32623f41977be1aa8fbf0bdccff83171fcba359a919ae85c72db9c1d059
-
SSDEEP
768:kBKLuVaHB2SZ93yrS3Y29WRskU9EIoz1QB6SYK1vrRjdFxY:kBKXerSInM9I1QozK1ljdFxY
Score10/10-
Modifies visibility of file extensions in Explorer
-
StormKitty payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies WinLogon
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1