947028d5cad78cfcbbbc48e62a5b5937cda7a3fefbf4beec9dd4f4b277122b00 | Triage

Resubmissions

10/06/2024, 12:51

240610-p3xcvawbpc 3

10/06/2024, 12:45

240610-py5teswenl 8

10/06/2024, 12:41

240610-pwrh1svgrh 8

10/06/2024, 12:23

240610-pklhmavcje 8

Sharing

Copy URL Twitter E-mail

General

Target

CAUTION - MALICIOUS FILES TO REVIEW.zip
Size

2.4MB
Sample

240610-pwrh1svgrh
MD5

04187078858ffc420e7c8cb82f006407
SHA1

cfdd305d9cf6e1522433d53d6367049dd52a8795
SHA256

947028d5cad78cfcbbbc48e62a5b5937cda7a3fefbf4beec9dd4f4b277122b00
SHA512

603133dce677e5970cc9fbf4f9581db3fccdb039a8b8efbcae409d7661cde05cd99568532d306e7b1ed74a838aa745566b4c8845626445e97acaa7730d4dea20
SSDEEP

49152:Y+PWrp91gs6twelxsm8oCP1lVnmaHaJn+ZC8JPm:Y+Od9ilOelxsm8NP1Hma6R+ZBPm

Score

8^/10

execution

Malware Config

Targets

- Target
  
  CAUTION - MALICIOUS FILES TO REVIEW.zip
- Size
  
  2.4MB
- MD5
  
  04187078858ffc420e7c8cb82f006407
- SHA1
  
  cfdd305d9cf6e1522433d53d6367049dd52a8795
- SHA256
  
  947028d5cad78cfcbbbc48e62a5b5937cda7a3fefbf4beec9dd4f4b277122b00
- SHA512
  
  603133dce677e5970cc9fbf4f9581db3fccdb039a8b8efbcae409d7661cde05cd99568532d306e7b1ed74a838aa745566b4c8845626445e97acaa7730d4dea20
- SSDEEP
  
  49152:Y+PWrp91gs6twelxsm8oCP1lVnmaHaJn+ZC8JPm:Y+Od9ilOelxsm8NP1Hma6R+ZBPm
Score

1^/10
behavioral1 behavioral2
- Target
  
  Deobfuscated Payload.ps1
- Size
  
  8KB
- MD5
  
  90bff5678690baac13abce4064a37044
- SHA1
  
  b1efce14247e2551d82a3768dcaf0b83ca852017
- SHA256
  
  90e6852a048968fe433731dd115e8d979961efc64c09c2cfbdb0f05a1a0c887e
- SHA512
  
  1f8516d867569f10f5ce6e73d4df3e6dc5d31ab2d0bdd2a2ae444327239f85aec64a06e89e5707a3f763f796d42e70a807ea3f2bd56863e6ab0c4f2ac70f5b5e
- SSDEEP
  
  192:UsDeIgO/d6Le8cwVJ3It174X2Zmuw6c6qJjyH:UsDeIgO/d6alE3IH4X24uw6c6qJg
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  JHvy.khXZ
- Size
  
  4.8MB
- MD5
  
  c54c58484c9dfd9867ab157b8e3131d9
- SHA1
  
  4d0b51e58686b273e7f186ce5814abf28c9029df
- SHA256
  
  05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041
- SHA512
  
  6538253e19255ed4ade77f99df16f5b0ab73d07b85fc4ab8662b3cf752fb8a3530032e6d180f02fef9aa448b9ccb4147db8243bab83248f269c21780dec99995
- SSDEEP
  
  98304:7JdnPPSZxVhU2ygPHHQ74ciwRmAd8+/4QOHF:7zPd21RciIlx/
Score

8^/10
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  SAAE.exe
- Size
  
  70KB
- MD5
  
  100f56a73211e0b2bcd076a55e6393fd
- SHA1
  
  2576c63f45fbe13dbdc619c39124fade94e002d0
- SHA256
  
  00be065f405e93233cc2f0012defdcbb1d6817b58969d5ffd9fd72fc4783c6f4
- SHA512
  
  43f515356a073effebeeb723b4439fa6235619e2a96206290fb3c6c888395d8cc6a03347367d222a71c8492a66e586d48ad48095f75260bc3182ba72097781da
- SSDEEP
  
  1536:P8qpnO/qRUNReI3fu6Uw2mTARdw2nm2/Rcln5IUmDjoX:o/YUNRBfukTpZsRcln5I
Score

1^/10
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7