cc0e9bf7c0f9c254bbdd4aa0b587b07a5edd68aef2719ca26368ded1fe9f8783 | Triage

Sharing

General

Target

MalwareBazaar.2
Size

2.0MB
Sample

240723-tghd1syanj
MD5

0123e61e016a363f4fdfdb3bbefd0ea0
SHA1

dbdfcd3286c52c858f13eb198ca3e21f61e187a4
SHA256

cc0e9bf7c0f9c254bbdd4aa0b587b07a5edd68aef2719ca26368ded1fe9f8783
SHA512

75ff976b2ebd5ad776b7e9a732789bc854e8d7da1f7e9a1d28186e2a83b16588fa3e97d35ea0a307878a0b904ef0008ecb14aa21abe84d05e06db1b515706ee9
SSDEEP

49152:d2u/BMdg532rpsjCMqigjns2+a95PlpiH9MzMrcgt4hiNRiB+IkRDqPG2:SrpEZIrBzaDqZ

Score

8^/10

execution

Malware Config

Targets

- Target
  
  MalwareBazaar.2
- Size
  
  2.0MB
- MD5
  
  0123e61e016a363f4fdfdb3bbefd0ea0
- SHA1
  
  dbdfcd3286c52c858f13eb198ca3e21f61e187a4
- SHA256
  
  cc0e9bf7c0f9c254bbdd4aa0b587b07a5edd68aef2719ca26368ded1fe9f8783
- SHA512
  
  75ff976b2ebd5ad776b7e9a732789bc854e8d7da1f7e9a1d28186e2a83b16588fa3e97d35ea0a307878a0b904ef0008ecb14aa21abe84d05e06db1b515706ee9
- SSDEEP
  
  49152:d2u/BMdg532rpsjCMqigjns2+a95PlpiH9MzMrcgt4hiNRiB+IkRDqPG2:SrpEZIrBzaDqZ
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2