ebed63a39e92973f529cf7a507d5e59fe97b34127cc6e089de4ebe088778961b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Tweaker.exe
Size

157KB
Sample

240512-a2mppabb94
MD5

27a3c31e789ac0c8e48201e533a805de
SHA1

5b6433e3c5beac9338ec781dc7cc4af82efde57b
SHA256

ebed63a39e92973f529cf7a507d5e59fe97b34127cc6e089de4ebe088778961b
SHA512

fc97bdb645c0bdbfb19e8fe4b655f12248ec8c833b979cb0a3cada001449b53c0e7a22f4ac8435932011be78670b995083d6b98c58f318f501093dd8d87c010e
SSDEEP

3072:AahKyd2n31B5lWp1icKAArDZz4N9GhbkrNEk1OT:AahOup0yN90QEF

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  Tweaker.exe
- Size
  
  157KB
- MD5
  
  27a3c31e789ac0c8e48201e533a805de
- SHA1
  
  5b6433e3c5beac9338ec781dc7cc4af82efde57b
- SHA256
  
  ebed63a39e92973f529cf7a507d5e59fe97b34127cc6e089de4ebe088778961b
- SHA512
  
  fc97bdb645c0bdbfb19e8fe4b655f12248ec8c833b979cb0a3cada001449b53c0e7a22f4ac8435932011be78670b995083d6b98c58f318f501093dd8d87c010e
- SSDEEP
  
  3072:AahKyd2n31B5lWp1icKAArDZz4N9GhbkrNEk1OT:AahOup0yN90QEF
Score

8^/10

execution persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence