6ab9476bf4080648e71823e9981276e7a6bbf09b91dd3630dd46adf32e696408 | Triage

Sharing

General

Target

6ab9476bf4080648e71823e9981276e7a6bbf09b91dd3630dd46adf32e696408
Size

458KB
Sample

240523-cq6pjaad98
MD5

041d870a053d8d7448a6d491ab63b8d5
SHA1

5db37b0460e372c424b713b432a95b192d0e16b5
SHA256

6ab9476bf4080648e71823e9981276e7a6bbf09b91dd3630dd46adf32e696408
SHA512

393fb5374a10e37aa0c19c7b5a49a266c41b3adf7ae1a6ec98e1c0d5b1a2cea094ef2b93e3b018900b79b708be9a05e3c03b2c245e318456882634d89f794408
SSDEEP

6144:inKIxobzpHaABJwJKXuZCMaOUvLJhx+NivSwiNXCkQcMSCJ/fTdOidE9JjcGqYqt:iKrFHBeJUuobZ+svSwIQsSnfdE75HEsu

Score

8^/10

execution

Malware Config

Targets

- Target
  
  228979659-051450-sanlccjavap0004-1343.exe
- Size
  
  537KB
- MD5
  
  4bd7d05eb541d2987245dd88304a740d
- SHA1
  
  24addd4494289c2039fb4ff2310102214cf30274
- SHA256
  
  e784c7c5d73af9afbdfa923dfbf5549ad2488e7ffaa3b8d6b9abe30d84e8542d
- SHA512
  
  f62e2bfd1ba9d0ce9b0bac90e139b5dbbac96fbd55877c5157e06a20746ac54ae6b4ad0cb25c72f407bc067639d0b17ad749c9250dacfbdfb1ef86518036afd9
- SSDEEP
  
  12288:5WHa/AUQJ+M1yw9+kvcw0QoanljEXNt151X:QHeQJ+Mh9b0fW8bX
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2