General

  • Target

    Escape Service.exe

  • Size

    12.5MB

  • Sample

    240915-n4bl4asele

  • MD5

    5c9874c7bfeb5916bc90eb2e11168c97

  • SHA1

    65c0837ea7a46f58ebcf8fadbe8d5825fa33d0d1

  • SHA256

    23d7c7dbb9b98f96230886c9b7b6d0bcf73e710dbe1ee3c918d3bd62138cc516

  • SHA512

    712ec2f3e45ae825a87b39ba55bbdfeaf44eb2604c0966c450489a686bff3c0ea16d6d6846a3fa3934f50868d79c19d101dc78177854a95fb632a90494f1757d

  • SSDEEP

    393216:qbCkoPhaFth4Ao+qt54eCAZWVX4y2onw6b:qhoPQ2AFOdpWOyFb

Score
6/10

Targets

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
