3e2c3fe1ab15b9da1fc1226bdf53bba5c4378daeb4325bbe6110f27a73209aea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

videoplayback.m4a
Size

3.9MB
Sample

240510-pyanaafa71
MD5

639dbd18e363ddec6ff694dc7b429830
SHA1

7e2c882538532a7dbea6fdd15a6f90c728dbb093
SHA256

3e2c3fe1ab15b9da1fc1226bdf53bba5c4378daeb4325bbe6110f27a73209aea
SHA512

ad616bca03bd201d4f12d160a9a685e15a624e0f32d49c12c24f93e9f3c54f31e89ba8822d5fe0e549ce88cd4e0be8bd54dc8249bde82f7623ba1de272507a00
SSDEEP

98304:joiEPPVGvhdEl5mFUDkQWSDJ0iYQ+3bHELd3KUq2MEwJ1:joiE7rnwQWSrX+edaZh71

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  videoplayback.m4a
- Size
  
  3.9MB
- MD5
  
  639dbd18e363ddec6ff694dc7b429830
- SHA1
  
  7e2c882538532a7dbea6fdd15a6f90c728dbb093
- SHA256
  
  3e2c3fe1ab15b9da1fc1226bdf53bba5c4378daeb4325bbe6110f27a73209aea
- SHA512
  
  ad616bca03bd201d4f12d160a9a685e15a624e0f32d49c12c24f93e9f3c54f31e89ba8822d5fe0e549ce88cd4e0be8bd54dc8249bde82f7623ba1de272507a00
- SSDEEP
  
  98304:joiEPPVGvhdEl5mFUDkQWSDJ0iYQ+3bHELd3KUq2MEwJ1:joiE7rnwQWSrX+edaZh71
Score

8^/10

persistence
- Downloads MZ/PE file
- Modifies system executable filetype association
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1