General

  • Target

    0654627b6b4dd4fc3d2807132e635101.bin

  • Size

    847KB

  • Sample

    240613-bln39asdlp

  • MD5

    c8a3e60e7771c260b565e1bf5f27a306

  • SHA1

    f5bbff98551fb54da9984c5d099e92c0c576d649

  • SHA256

    f466b50a4a583a4a1ff47be68c27bf8494e66b679250d9d07340eb9ae4bb5cdc

  • SHA512

    1737e2554a81fb856d475a31529727044915174baa17a2ae9b20191c3d9f82afeeffe6d7ba05774bc50fcad9806132b06e42cff959be1628f43170de5e99170d

  • SSDEEP

    24576:je+ofljWZiVSdc/YyeTwKBghJudgtsA34t:jeBflaCleTRVd+h3Y

Score
7/10

Malware Config

Targets

    • Target

      bfae90433775c2c49fdb8b25704a553a350abb5e30db9fe70d5a22518e0c286e.exe

    • Size

      976KB

    • MD5

      0654627b6b4dd4fc3d2807132e635101

    • SHA1

      0a5e0e7bd1009265963053b2d355306bb9f4de42

    • SHA256

      bfae90433775c2c49fdb8b25704a553a350abb5e30db9fe70d5a22518e0c286e

    • SHA512

      4db3661519e7b850204d1526196066cb7147cd841f4e5c57c634b7ce5cdf0ef4da30525ba19768acd30ef9dcde1451381f4092b05621be6acf5ae09ea4fcca93

    • SSDEEP

      24576:FT5+tqOmwmFwITa9ppL2VU7/b9vrbYK0Jdi9SxaEu:pEtBL+wzuGtAK0JdyNEu

    Score
    7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      d968cb2b98b83c03a9f02dd9b8df97dc

    • SHA1

      d784c9b7a92dce58a5038beb62a48ff509e166a0

    • SHA256

      a4ec98011ef99e595912718c1a1bf1aa67bfc2192575729d42f559d01f67b95c

    • SHA512

      2ee41dc68f329a1519a8073ece7d746c9f3bf45d8ef3b915deb376af37e26074134af5f83c8af0fe0ab227f0d1acca9f37e5ca7ae37c46c3bcc0331fe5e2b97e

    • SSDEEP

      192:CVA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:CrR7SrtTv53tdtTgwF4SQbGPX36wJMw

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks