74ae38da8926b45c65f241a8f9628c36d87a2b07bd574c73a9f304484c1b1c6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

X_W_NullWinRef.exe
Size

67.5MB
Sample

240520-qjvwcabh98
MD5

6d72dbfc8bfc6278e2bc6b99ca24650e
SHA1

7ab8654b5155086f79d59fe038595eab760754f7
SHA256

74ae38da8926b45c65f241a8f9628c36d87a2b07bd574c73a9f304484c1b1c6f
SHA512

1c0126f23bc841b191a2c4a7854515c351f56da7200a567495f0590d1236a712a338e8c43d71e629dbb4160ddf34d17cdfccb1359316ff51de6e34d55a93885d
SSDEEP

786432:o3a4Ejmp1Ck947/nZFyDY/GqoQZcGO1ULX8SLRgnG2qY:o3a4Ejs1CryDY/zxcBULskRVjY

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  X_W_NullWinRef.exe
- Size
  
  67.5MB
- MD5
  
  6d72dbfc8bfc6278e2bc6b99ca24650e
- SHA1
  
  7ab8654b5155086f79d59fe038595eab760754f7
- SHA256
  
  74ae38da8926b45c65f241a8f9628c36d87a2b07bd574c73a9f304484c1b1c6f
- SHA512
  
  1c0126f23bc841b191a2c4a7854515c351f56da7200a567495f0590d1236a712a338e8c43d71e629dbb4160ddf34d17cdfccb1359316ff51de6e34d55a93885d
- SSDEEP
  
  786432:o3a4Ejmp1Ck947/nZFyDY/GqoQZcGO1ULX8SLRgnG2qY:o3a4Ejs1CryDY/zxcBULskRVjY
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1