16b9d016fa5eb98a0beecc77d317b0fe2ac9836a577977436462d57697a64fa8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spotyprem.zip
Size

514B
Sample

240530-mj478sfb98
MD5

445fa2c61248093f976109b081ea0cac
SHA1

5238005bbdf193f7d76aac3a2ff5cec8185f2472
SHA256

16b9d016fa5eb98a0beecc77d317b0fe2ac9836a577977436462d57697a64fa8
SHA512

cd6458797b9fd4508c9c144c4f18dbe1de9c62caca64ed4751656250cb344a0faaf9cb6c907db59a44b6a8e29d0466a9d5441432a6fbfb9e04d58752db99408b

Score

8^/10

execution

Malware Config

Targets

- Target
  
  spotyprem.zip
- Size
  
  514B
- MD5
  
  445fa2c61248093f976109b081ea0cac
- SHA1
  
  5238005bbdf193f7d76aac3a2ff5cec8185f2472
- SHA256
  
  16b9d016fa5eb98a0beecc77d317b0fe2ac9836a577977436462d57697a64fa8
- SHA512
  
  cd6458797b9fd4508c9c144c4f18dbe1de9c62caca64ed4751656250cb344a0faaf9cb6c907db59a44b6a8e29d0466a9d5441432a6fbfb9e04d58752db99408b
Score

1^/10
behavioral1
- Target
  
  Install_Auto.bat
- Size
  
  481B
- MD5
  
  4a2fc5b639477dd1c96cd75e09638a57
- SHA1
  
  f9bf0cd572a26b0f3cb150952f28dee107699b87
- SHA256
  
  50159f10ba5ff9bd70a553acd689f26bd980555c2d9cdb68f42b5f3d3b7fd351
- SHA512
  
  8bf2924c22645931f270b4ef7d41897cdbb9eb8df26f6d9e973acd7be6a2739bb9ac061124fe8bc3b9cfe7910e86c9b99545fda24b80f6f5b4b3c943e7662e0f
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2