General

  • Target: 22052024_0202_21052024_Transferencia.tar
  • Size: 433KB
  • Sample: 240522-cgjteagh24
  • MD5: 3941787c40da49db999bb9c69a42d005
  • SHA1: 14f069705448e9007d2d8e89f0817a4e58bd2f4f
  • SHA256: b25e337418210160d56418d18c32c2a44fc70254bc0b295b5c54f5dd5549c95d
  • SHA512: c0e7299f699a868aa1d087d6546791753194bd9251589566bab732948a3e14f5218fd9fc234ea43619791803522a938ed2328ce2a0b08b3461ea77f2922d30c1
  • SSDEEP: 12288:J0pZnHL9jAT8mU07ijSq/X7/8omMZ8LliOPZ:J0pZnrhVG7imq/TdmMZ8D

Score
7/10

Targets

  Target: Transferencia.exe
    • Size: 431KB
    • MD5: 07cbab426f1bc77ca5d0f6a8fc1c9b4b
    • SHA1: 70dc25df196c9bd87c2add428dc86b5f272eb15c
    • SHA256: b7f32eba711b23c10467841163a1d84b4002f99b16399b7356eee0e2abe651df
    • SHA512: a53c41aa20e76b7ee3baaa08aee3a4aa5361314a677ca753f68e1aca607fc8c8fdb3ab4f932991662976db2e1e30b5632bb7ebc5c12aa24dcb6703b5f311c9d7
    • SSDEEP: 12288:Q0pZnHL9jAT8mU07ijSq/X7/8omMZ8LliOPZx:Q0pZnrhVG7imq/TdmMZ8Dx
    Score: 7/10
    Signatures:
    • Loads dropped DLL
    • Legitimate hosting services abused for malware hosting/C2
    • Drops file in System32 directory
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

  Target: $PLUGINSDIR/System.dll
    • Size: 12KB
    • MD5: 12b140583e3273ee1f65016becea58c4
    • SHA1: 92df24d11797fefd2e1f8d29be9dfd67c56c1ada
    • SHA256: 014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042
    • SHA512: 49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a
    • SSDEEP: 192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C
    Score: 3/10

  Target: $PLUGINSDIR/nsExec.dll
    • Size: 6KB
    • MD5: 4a2f4fe4a3ad1de56ee6bf7dd4923963
    • SHA1: 7cc68b94448c964fd99904e5784b059aed4d5daa
    • SHA256: 89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde
    • SHA512: 4b6bbe75beafae9a29932ff5ddd3940aadfae62c157836e6cdab755955782dd5354d5eb389b4b8c16bf59f4ce7a099a0161d915c1cf2968f28e195dc8e3997ea
    • SSDEEP: 96:z0OBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+uPHwEX:4tZKtrAJJJbP7iEHEbN8Ved0Ph
    Score: 3/10
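The hashes listed for the archive and its members can be checked offline against a copy of the archive with the script below. It is an added example, not part of the sandbox report or its tooling: the member names and hash values are transcribed from the report, while the archive bytes it builds for demonstration are constructed and are not the real sample, so they produce no match. The near-identical SSDEEP digests of the .tar and of Transferencia.exe (they differ only in the first character and a trailing "x") are consistent with the archive being little more than a wrapper around that one executable, so hashing the members in memory is enough to confirm the report's IOCs without ever writing the payload to disk.

```python
"""Offline IOC check for the archive described in this report.

Added example, not part of the sandbox report: it hashes every regular
member of a tar archive in memory (nothing is extracted to disk) and
compares the digests with the hashes listed in the report.
"""
import hashlib
import io
import tarfile

# Hashes transcribed from the report, keyed by the reported member name.
REPORT_IOCS = {
    "Transferencia.exe": {
        "md5": "07cbab426f1bc77ca5d0f6a8fc1c9b4b",
        "sha1": "70dc25df196c9bd87c2add428dc86b5f272eb15c",
        "sha256": "b7f32eba711b23c10467841163a1d84b4002f99b16399b7356eee0e2abe651df",
    },
    "$PLUGINSDIR/System.dll": {
        "md5": "12b140583e3273ee1f65016becea58c4",
        "sha1": "92df24d11797fefd2e1f8d29be9dfd67c56c1ada",
        "sha256": "014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042",
    },
    "$PLUGINSDIR/nsExec.dll": {
        "md5": "4a2f4fe4a3ad1de56ee6bf7dd4923963",
        "sha1": "7cc68b94448c964fd99904e5784b059aed4d5daa",
        "sha256": "89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde",
    },
}

# Base names of the NSIS $PLUGINSDIR plugins the report lists as dropped files.
NSIS_PLUGIN_NAMES = {"System.dll", "nsExec.dll"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {
        algo: hashlib.new(algo, data).hexdigest()
        for algo in ("md5", "sha1", "sha256", "sha512")
    }


def match_iocs(digests: dict) -> list:
    """Names of report entries whose hashes equal the given digests.

    Every algorithm listed for the entry must agree, so a single
    colliding digest is not enough to produce a match.
    """
    return [
        name
        for name, ioc in REPORT_IOCS.items()
        if all(digests.get(algo) == value for algo, value in ioc.items())
    ]


def scan_tar(tar_bytes: bytes) -> list:
    """Hash every regular file in an in-memory tar and flag IOC matches.

    Members are read through extractfile() and never written to disk,
    so traversal names such as ../x cannot land anywhere on the host.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            data = tf.extractfile(member).read()
            digests = hash_bytes(data)
            basename = member.name.rsplit("/", 1)[-1]
            findings.append({
                "name": member.name,
                "size": member.size,
                "sha256": digests["sha256"],
                "ioc_match": match_iocs(digests),
                "nsis_plugin": basename in NSIS_PLUGIN_NAMES,
            })
    return findings


def build_tar(files: dict) -> bytes:
    """Build a tar archive in memory from {name: bytes} (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in archive: these bytes are NOT the real sample,
    # so no IOC match is expected. Feed scan_tar() the real archive's
    # bytes to compare a copy against the report.
    sample = build_tar({
        "Transferencia.exe": b"MZ" + b"\x00" * 62,
        "$PLUGINSDIR/System.dll": b"MZ" + b"\x00" * 30,
    })
    for finding in scan_tar(sample):
        print(finding)
```

A match requires all of MD5, SHA1 and SHA256 to agree, so a collision in one algorithm alone does not count as confirmation. The `$PLUGINSDIR/` prefix on two of the reported members is the NSIS installer plugin directory, which is why the script also flags members named after those plugins even when their hashes differ from the report.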

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery: System Information Discovery (T1082), 1 signature
  • Command and Control: Web Service (T1102), 1 signature
