Overview

overview

10

Static

static

1

redirect.html

windows10-1703-x64

10

redirect.html

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    redirect

  • Size

    6KB

  • Sample

    240427-2ksm6aab59

  • MD5

    7e78592c04c640ad6744d4065a400430

  • SHA1

    095b950e5735ce303216f3f8da4c8e9865200abb

  • SHA256

    fb706fe7be78abe8a50d077a1918b624b836dbe2d6f27fa8e20750118384e4b8

  • SHA512

    69a44b9fa1a0f50629bddaf7b54d1d9a8b17e0b34761bd6896b3ef097811025e5c98f0ce080c6117f2c30d36fe23fb442eeadbb799e40317b10f113ecf814bd3

  • SSDEEP

    192:dSHLxX7777/77QF7Eyrs0Lod4BYCIpzOrXeR:dSr5HYk0+CIpzOrXC

Score
10/10

Malware Config

Targets

    • Target

      redirect

    • Size

      6KB

    • MD5

      7e78592c04c640ad6744d4065a400430

    • SHA1

      095b950e5735ce303216f3f8da4c8e9865200abb

    • SHA256

      fb706fe7be78abe8a50d077a1918b624b836dbe2d6f27fa8e20750118384e4b8

    • SHA512

      69a44b9fa1a0f50629bddaf7b54d1d9a8b17e0b34761bd6896b3ef097811025e5c98f0ce080c6117f2c30d36fe23fb442eeadbb799e40317b10f113ecf814bd3

    • SSDEEP

      192:dSHLxX7777/77QF7Eyrs0Lod4BYCIpzOrXeR:dSr5HYk0+CIpzOrXC

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks