General

  • Target

    zzspoof.rar

  • Size

    3.3MB

  • Sample

    240830-2j2jnszdrc

  • MD5

    5403ad211c001cc767f077cdf9e2a216

  • SHA1

    a9ff8b999583624b7be60cb5d278782cf6b4cd0b

  • SHA256

    2cd7eb2d8ab8b6f758cec1a8103cb271210e2a943f12984f04c751e8367e63c3

  • SHA512

    03e6e524eb690fbd741c3faf39bb943ccc6c7bbc107bfc0c1e2d798adb5a7620f65c3464b6886a26e9327789d0960cb0bae712dcfaf51db560f5d53e452000c9

  • SSDEEP

    98304:EEVdkM1QnJ9GsmL1ZhYLPG0BZ+dr3WO5IV0:EckMGGPbhYSOZul5x

Malware Config

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks