66f2de00dc7b3a5aa02180827e1fb8a483c8d4e9c081efdf135d65c9dba0144f | Triage

Sharing

General

Target

2024-09-18_89f8c33a8f051aefb2610733741d27cc_snatch
Size

6.8MB
Sample

240918-3clejsyekm
MD5

89f8c33a8f051aefb2610733741d27cc
SHA1

3d824f27bb72642d49222588e44a625268e418e0
SHA256

66f2de00dc7b3a5aa02180827e1fb8a483c8d4e9c081efdf135d65c9dba0144f
SHA512

295976cccf87bac57cc45cc53c74021a38a052d4f6c89e04b8a85e10f0e3b7c4384eac0a4d38234c4d27ce135fabb579abb831c52ad90108e8ef51c7257a2136
SSDEEP

49152:7O9rQoUTmShxLtFWtJ+45UXLEef5AMM+5dc+r3+nJ5EGpLCS+p2ALVE:76OKShQy45UhCMM0c+r3+fEGpOD

Score

9^/10

discovery lateral_movement

Malware Config

Targets

- Target
  
  2024-09-18_89f8c33a8f051aefb2610733741d27cc_snatch
- Size
  
  6.8MB
- MD5
  
  89f8c33a8f051aefb2610733741d27cc
- SHA1
  
  3d824f27bb72642d49222588e44a625268e418e0
- SHA256
  
  66f2de00dc7b3a5aa02180827e1fb8a483c8d4e9c081efdf135d65c9dba0144f
- SHA512
  
  295976cccf87bac57cc45cc53c74021a38a052d4f6c89e04b8a85e10f0e3b7c4384eac0a4d38234c4d27ce135fabb579abb831c52ad90108e8ef51c7257a2136
- SSDEEP
  
  49152:7O9rQoUTmShxLtFWtJ+45UXLEef5AMM+5dc+r3+nJ5EGpLCS+p2ALVE:76OKShQy45UhCMM0c+r3+fEGpOD
Score

9^/10

discovery lateral_movement
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Remote Service Session Hijacking: RDP Hijacking
  Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.
  lateral_movement
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Account Manipulation

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Permission Groups Discovery

Local Groups

Lateral Movement

Remote Service Session Hijacking

RDP Hijacking

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoverylateral_movement