aa3228932f3d2a7d581b3a2b4c49d9b13f0ced95faf49bfad9e21451215fd2c0 | Triage

Sharing

General

Target

XClient.exe
Size

5.4MB
Sample

240709-sn9w6szdnr
MD5

eb58a4ed3a43e49d4cd6f38f1832dd8e
SHA1

843d0df759ffd79b00f0adef3371e003a3539977
SHA256

aa3228932f3d2a7d581b3a2b4c49d9b13f0ced95faf49bfad9e21451215fd2c0
SHA512

ff2dfedd8c0b210709cf6d945e70a7a9f1433f2c3603ff5bb4098b7c9138f0b8c81920de4facb9c27fc21b6239763bd8a75f37de15055b05bbeda99a2c45da9c
SSDEEP

49152:ThUYCBeFhs4M/pbjNROxx0/6/nCBoGYOWM3jD5Ev9k11Cx1xG+a300N7ErAg+CrL:Nkm+bjNHiCBvYSE1vt3r9dsi

Score

8^/10

execution

Malware Config

Targets

- Target
  
  XClient.exe
- Size
  
  5.4MB
- MD5
  
  eb58a4ed3a43e49d4cd6f38f1832dd8e
- SHA1
  
  843d0df759ffd79b00f0adef3371e003a3539977
- SHA256
  
  aa3228932f3d2a7d581b3a2b4c49d9b13f0ced95faf49bfad9e21451215fd2c0
- SHA512
  
  ff2dfedd8c0b210709cf6d945e70a7a9f1433f2c3603ff5bb4098b7c9138f0b8c81920de4facb9c27fc21b6239763bd8a75f37de15055b05bbeda99a2c45da9c
- SSDEEP
  
  49152:ThUYCBeFhs4M/pbjNROxx0/6/nCBoGYOWM3jD5Ev9k11Cx1xG+a300N7ErAg+CrL:Nkm+bjNHiCBvYSE1vt3r9dsi
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2