41e95f2be344d3dcfddeee2acd4d487ee7b9e25b3b154e136b41c9a589106bc6 | Triage

Sharing

General

Target

5cbfed8b434981395fcd1dd1933aa520N.exe
Size

280KB
Sample

240901-qpclysscle
MD5

5cbfed8b434981395fcd1dd1933aa520
SHA1

b10870ddb61e83b205e1009b1c0c4780eaacd107
SHA256

41e95f2be344d3dcfddeee2acd4d487ee7b9e25b3b154e136b41c9a589106bc6
SHA512

ddac30999ef3e37b92aff98a0e7c4e0440c2edb87e8433bb9ce78e5ef18c29aedc00e68e9e2b6ba5a78a168199f6e6a79a64b734ad75c3cd2edaae67eb2798f8
SSDEEP

3072:ZgZ8TGSFXcM+qnpKeL34hZK7xVG9Btj676ZBI:ZlTZFfDoeL3qZo4tjS6Y

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  5cbfed8b434981395fcd1dd1933aa520N.exe
- Size
  
  280KB
- MD5
  
  5cbfed8b434981395fcd1dd1933aa520
- SHA1
  
  b10870ddb61e83b205e1009b1c0c4780eaacd107
- SHA256
  
  41e95f2be344d3dcfddeee2acd4d487ee7b9e25b3b154e136b41c9a589106bc6
- SHA512
  
  ddac30999ef3e37b92aff98a0e7c4e0440c2edb87e8433bb9ce78e5ef18c29aedc00e68e9e2b6ba5a78a168199f6e6a79a64b734ad75c3cd2edaae67eb2798f8
- SSDEEP
  
  3072:ZgZ8TGSFXcM+qnpKeL34hZK7xVG9Btj676ZBI:ZlTZFfDoeL3qZo4tjS6Y
Score

10^/10

discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence