21c88ee24cfc26b4ba4ea1dc24d31dbadeb20c87dcb19966d99c443c7089e233 | Triage

Resubmissions

20-09-2024 23:13

240920-27saxatcpa 8

20-09-2024 20:18

240920-y3p37swclc 8

Sharing

General

Target

19032985385.zip
Size

1.3MB
Sample

240920-y3p37swclc
MD5

c4083383c1bfb5b604e10881a9a0969d
SHA1

0b23452aad1645b894b988f67313968fffee96c6
SHA256

21c88ee24cfc26b4ba4ea1dc24d31dbadeb20c87dcb19966d99c443c7089e233
SHA512

bd5e79b0c0783f89341d571a7f3889258f3da11d8de271172ee41496311d65bef710ae232e38cfde026c2a61fa10ac7cb817056cf11bfd5eeb584f5b211f92dc
SSDEEP

24576:sh5EMoIYNlR3xOVh07Tc1+iXFaSgG7dHidjl24n3yu6:sroNn34YA1+iXF3gG7yBbn3yu6

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  783c4a9cf616f01dbad0fc49bb49d61bb6f9fb95c1bcafacb9529198fc0b77a2
- Size
  
  3.9MB
- MD5
  
  88eac956a4fece558db3280a977b6742
- SHA1
  
  e106164356d948d05b204a2e47e64a80000db61e
- SHA256
  
  783c4a9cf616f01dbad0fc49bb49d61bb6f9fb95c1bcafacb9529198fc0b77a2
- SHA512
  
  3f6f62053cbf9eccaf6157220a17a4354eb696200847e0c1c0904bc7aedeed1425e8d79829f8a6deb54c8220983d4cd198163aef83849cbec8c4b0166790aa18
- SSDEEP
  
  98304:KCtlY3/JaXu7ouSnvOV05O9M57uRleMbGv:RjY3/JaXu7ouSnvOV05O9M57uRlerv
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence