dc016f1abcc772168c757c5052ff073fa84d39cfa49afac8d49d5828cd0e1c54 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc016f1abcc772168c757c5052ff073fa84d39cfa49afac8d49d5828cd0e1c54
Size

182KB
Sample

240726-exnhmswcqr
MD5

02454d9d08d7df164b3ce54494a7718f
SHA1

b9903f9526c4888785ef04ef0985fce2191e6f35
SHA256

dc016f1abcc772168c757c5052ff073fa84d39cfa49afac8d49d5828cd0e1c54
SHA512

dc96de4736187f10451d977c114f2f59705a60410c63a14d4e1ae0dd47026a695d8b45e1ac15b7b8d0e0652d4a7211b44f7ab69aeb96446fc58c1905aaa02599
SSDEEP

3072:AYNFXe8RgmStLWGyO7nguPnVgA53+GpOc:bFXSt3yOEiV6GpOc

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  dc016f1abcc772168c757c5052ff073fa84d39cfa49afac8d49d5828cd0e1c54
- Size
  
  182KB
- MD5
  
  02454d9d08d7df164b3ce54494a7718f
- SHA1
  
  b9903f9526c4888785ef04ef0985fce2191e6f35
- SHA256
  
  dc016f1abcc772168c757c5052ff073fa84d39cfa49afac8d49d5828cd0e1c54
- SHA512
  
  dc96de4736187f10451d977c114f2f59705a60410c63a14d4e1ae0dd47026a695d8b45e1ac15b7b8d0e0652d4a7211b44f7ab69aeb96446fc58c1905aaa02599
- SSDEEP
  
  3072:AYNFXe8RgmStLWGyO7nguPnVgA53+GpOc:bFXSt3yOEiV6GpOc
Score

10^/10

discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence