Overview

overview

8

Static

static

3

47c8f1af1f...87.exe

windows7-x64

8

47c8f1af1f...87.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47c8f1af1f9f8e3a0ad8f359cb14ea08b3261efde59260d8ec5b92d4dfd90587.exe

  • Size

    857KB

  • Sample

    240523-bsztbsgd91

  • MD5

    6606904cf124e2e43df5401efe1aa7f5

  • SHA1

    0700d6cb81beb6a3bb4ff4e941f4e260d7d6795f

  • SHA256

    47c8f1af1f9f8e3a0ad8f359cb14ea08b3261efde59260d8ec5b92d4dfd90587

  • SHA512

    abc409300b90e0db70a91ea64d8aa14458fdc153be7b228e586deaa3fbef68fb3e42d2a882d1aeaa3f25f325553affb204fed42e056f2b2ff7476050e32e2c13

  • SSDEEP

    12288:2TdHutP4ws2ERwovFRG4zNdE1SqYfsyN1fR8MbbAi77tkmY+V5Ekikwh+:2Ti4L2uwovjGiYFqsS1xbHnY+V5Okx

Score
8/10
execution

Malware Config

Targets

    • Target

      47c8f1af1f9f8e3a0ad8f359cb14ea08b3261efde59260d8ec5b92d4dfd90587.exe

    • Size

      857KB

    • MD5

      6606904cf124e2e43df5401efe1aa7f5

    • SHA1

      0700d6cb81beb6a3bb4ff4e941f4e260d7d6795f

    • SHA256

      47c8f1af1f9f8e3a0ad8f359cb14ea08b3261efde59260d8ec5b92d4dfd90587

    • SHA512

      abc409300b90e0db70a91ea64d8aa14458fdc153be7b228e586deaa3fbef68fb3e42d2a882d1aeaa3f25f325553affb204fed42e056f2b2ff7476050e32e2c13

    • SSDEEP

      12288:2TdHutP4ws2ERwovFRG4zNdE1SqYfsyN1fR8MbbAi77tkmY+V5Ekikwh+:2Ti4L2uwovjGiYFqsS1xbHnY+V5Okx

    Score
    8/10
    execution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks