b25e337418210160d56418d18c32c2a44fc70254bc0b295b5c54f5dd5549c95d | Triage

Sharing

General

Target

b25e337418210160d56418d18c32c2a44fc70254bc0b295b5c54f5dd5549c95d.tar
Size

433KB
Sample

240523-ccjylshe5x
MD5

3941787c40da49db999bb9c69a42d005
SHA1

14f069705448e9007d2d8e89f0817a4e58bd2f4f
SHA256

b25e337418210160d56418d18c32c2a44fc70254bc0b295b5c54f5dd5549c95d
SHA512

c0e7299f699a868aa1d087d6546791753194bd9251589566bab732948a3e14f5218fd9fc234ea43619791803522a938ed2328ce2a0b08b3461ea77f2922d30c1
SSDEEP

12288:J0pZnHL9jAT8mU07ijSq/X7/8omMZ8LliOPZ:J0pZnrhVG7imq/TdmMZ8D

Score

7^/10

Malware Config

Targets

- Target
  
  Transferencia.exe
- Size
  
  431KB
- MD5
  
  07cbab426f1bc77ca5d0f6a8fc1c9b4b
- SHA1
  
  70dc25df196c9bd87c2add428dc86b5f272eb15c
- SHA256
  
  b7f32eba711b23c10467841163a1d84b4002f99b16399b7356eee0e2abe651df
- SHA512
  
  a53c41aa20e76b7ee3baaa08aee3a4aa5361314a677ca753f68e1aca607fc8c8fdb3ab4f932991662976db2e1e30b5632bb7ebc5c12aa24dcb6703b5f311c9d7
- SSDEEP
  
  12288:Q0pZnHL9jAT8mU07ijSq/X7/8omMZ8LliOPZx:Q0pZnrhVG7imq/TdmMZ8Dx
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  12b140583e3273ee1f65016becea58c4
- SHA1
  
  92df24d11797fefd2e1f8d29be9dfd67c56c1ada
- SHA256
  
  014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042
- SHA512
  
  49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a
- SSDEEP
  
  192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  4a2f4fe4a3ad1de56ee6bf7dd4923963
- SHA1
  
  7cc68b94448c964fd99904e5784b059aed4d5daa
- SHA256
  
  89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde
- SHA512
  
  4b6bbe75beafae9a29932ff5ddd3940aadfae62c157836e6cdab755955782dd5354d5eb389b4b8c16bf59f4ce7a099a0161d915c1cf2968f28e195dc8e3997ea
- SSDEEP
  
  96:z0OBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+uPHwEX:4tZKtrAJJJbP7iEHEbN8Ved0Ph
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6