464296365772ce6ad0e277e358ef5bab10c06549ac72b593269087863ee3b4c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

464296365772ce6ad0e277e358ef5bab10c06549ac72b593269087863ee3b4c1
Size

320KB
Sample

240530-z6jk9sbc67
MD5

af72a581a5a3ee62e28f255558d7a3aa
SHA1

85dcb7a1e99ef55456419f8decbdfe0de1848fa5
SHA256

464296365772ce6ad0e277e358ef5bab10c06549ac72b593269087863ee3b4c1
SHA512

70d7a3511f35ad93bbf4a26783a8bf4b5617ffa482273c5cdf7b5f7d17fba71bf35a949b4d224de6c820f9ae299d0166e400ba9f49fce5aa640789b3cce54e56
SSDEEP

3072:h3sKGDMUBWC7W/y8/41QUUZm8/41QrAoUZ4pWLB51jozFWLBggS2LHqN:h3sFBWuWlZgZ0Wd/OWdPS2L8

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  464296365772ce6ad0e277e358ef5bab10c06549ac72b593269087863ee3b4c1
- Size
  
  320KB
- MD5
  
  af72a581a5a3ee62e28f255558d7a3aa
- SHA1
  
  85dcb7a1e99ef55456419f8decbdfe0de1848fa5
- SHA256
  
  464296365772ce6ad0e277e358ef5bab10c06549ac72b593269087863ee3b4c1
- SHA512
  
  70d7a3511f35ad93bbf4a26783a8bf4b5617ffa482273c5cdf7b5f7d17fba71bf35a949b4d224de6c820f9ae299d0166e400ba9f49fce5aa640789b3cce54e56
- SSDEEP
  
  3072:h3sKGDMUBWC7W/y8/41QUUZm8/41QrAoUZ4pWLB51jozFWLBggS2LHqN:h3sFBWuWlZgZ0Wd/OWdPS2L8
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Detects executables containing bas64 encoded gzip files
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2