af5cfa1a66edeb8cc4eae20824fe6b6b15d4955bef4bbe13750d8f9af424c49e

Resubmissions

26/04/2024, 07:14

240426-h2zm9abd4t 10

26/04/2024, 07:14

26/04/2024, 07:14

26/04/2024, 07:14

26/04/2024, 07:14

25/04/2024, 13:11

Sharing

Copy URL

Twitter E-mail

General

Target

af5cfa1a66edeb8cc4eae20824fe6b6b15d4955bef4bbe13750d8f9af424c49e
Size

2.0MB
Sample

240426-h2ye7abe34
MD5

3eb4e7d99afa9e61d5fbcd4c42985220
SHA1

a67ca6138a9f0cfc70c3406c39e88b88567ff76b
SHA256

af5cfa1a66edeb8cc4eae20824fe6b6b15d4955bef4bbe13750d8f9af424c49e
SHA512

d704a96c7a32e713772497880d05f83fd5c6ef28f3a3e4da4b2de2dbaebf0505bdbd302b41aca3a326f10c8493101bc4b65fb073233c472c75d541bbceb9aff6
SSDEEP

49152:fBKsEZMOc1XTmPFoTqoSsFpoBVFSc00byphfNs4MexOH3k/9:fBtscWoSsFpoBVFSctSNSecH

Score

8^/10

Malware Config

Targets

- Target
  
  af5cfa1a66edeb8cc4eae20824fe6b6b15d4955bef4bbe13750d8f9af424c49e
- Size
  
  2.0MB
- MD5
  
  3eb4e7d99afa9e61d5fbcd4c42985220
- SHA1
  
  a67ca6138a9f0cfc70c3406c39e88b88567ff76b
- SHA256
  
  af5cfa1a66edeb8cc4eae20824fe6b6b15d4955bef4bbe13750d8f9af424c49e
- SHA512
  
  d704a96c7a32e713772497880d05f83fd5c6ef28f3a3e4da4b2de2dbaebf0505bdbd302b41aca3a326f10c8493101bc4b65fb073233c472c75d541bbceb9aff6
- SSDEEP
  
  49152:fBKsEZMOc1XTmPFoTqoSsFpoBVFSc00byphfNs4MexOH3k/9:fBtscWoSsFpoBVFSctSNSecH
Score

8^/10

discovery persistence upx
- Contacts a large (765) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Contacts a large (765) amount of remote hosts

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5