421adb3b2479b676edb2e536abadf8063b0bf56f50732a06e0c59afb7ed995b3 | Triage

Sharing

General

Target

BW-Spoofer v1.8.exe
Size

608KB
Sample

240419-het49aca8t
MD5

80b055d3c394b8d67a3471209baaffff
SHA1

fc91bae8f742757c369ece9708c90cb45bd38a84
SHA256

421adb3b2479b676edb2e536abadf8063b0bf56f50732a06e0c59afb7ed995b3
SHA512

e75b76d7c776a85aa3f14de4e0da983b8997b811901f30b153234a05a01b9b18aee4729189e7195b98f696c35b6d7032ef8b6bfee307307f4a9be09ab8ee30fb
SSDEEP

12288:f+Q/fzJitK/Ujd7c9c+l3xa5yGsi+1u3ENf:f+QjJitMUJ7+l3xULsc3E5

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  BW-Spoofer v1.8.exe
- Size
  
  608KB
- MD5
  
  80b055d3c394b8d67a3471209baaffff
- SHA1
  
  fc91bae8f742757c369ece9708c90cb45bd38a84
- SHA256
  
  421adb3b2479b676edb2e536abadf8063b0bf56f50732a06e0c59afb7ed995b3
- SHA512
  
  e75b76d7c776a85aa3f14de4e0da983b8997b811901f30b153234a05a01b9b18aee4729189e7195b98f696c35b6d7032ef8b6bfee307307f4a9be09ab8ee30fb
- SSDEEP
  
  12288:f+Q/fzJitK/Ujd7c9c+l3xa5yGsi+1u3ENf:f+QjJitMUJ7+l3xULsc3E5
Score

8^/10

persistence
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1