c80bdf5839aa7c307d8f576b9da9cb5c978a1f11fadd8dd26c6160be0baaa144 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c80bdf5839aa7c307d8f576b9da9cb5c978a1f11fadd8dd26c6160be0baaa144
Size

314KB
Sample

241018-gvs2fsthnq
MD5

cdec0cc62c9879404f7373f924939236
SHA1

51d016a171a3138e471577679a14cb2d28007535
SHA256

c80bdf5839aa7c307d8f576b9da9cb5c978a1f11fadd8dd26c6160be0baaa144
SHA512

03135249c5a17bf645f6dac360f99080053091595cede7d2bc4c852abca01f3ffab7d6a6f0921b2cbb142e8264c5587c6c653addf062e83231251037a73a15aa
SSDEEP

6144:y+AdvotmDJNUQ7sMpUsmsvx5y8ntC3dYs3NhgV/GPlNiFxwTlXMl1dGekWu6Uv:dAdAecQ/pe8nI3xdaePmbwTlI1dGefhQ

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  easy-service-1.0.11/bin/log4net.dll
- Size
  
  264KB
- MD5
  
  86e9286e0efc46c0e24e5d76623e258f
- SHA1
  
  da15d4772740a80709d881d753862b236868ce6c
- SHA256
  
  fb971b146af5a6663761813c99f36528d4d60ea2b7573da5be2a412220e94c20
- SHA512
  
  f5878910152e626f75cd4e1a19bb65776a29bf95cedc2c80310d22599d3e8e62a77d7f9a2fa5e83b6714d0c5ca93df370ee79d48483abc22398384634b9929a4
- SSDEEP
  
  3072:90RhfrnogoLzxHh6NhRegqgEAc1D2VYB9S4LrhSGF0MJkLn7GowOlg7J:90UtcNhxq99hE4LrhSoXJiwOl
Score

1^/10
behavioral1 behavioral2
- Target
  
  easy-service-1.0.11/bin/register-this-path.bat
- Size
  
  187B
- MD5
  
  43a15d99c1f016b1afc9babd1e6cddfe
- SHA1
  
  9a8b5f7ec3a1bab54ef8e6a84396aa269f6ed9be
- SHA256
  
  034d54e89019955f44add6fb9da587ea7dc5473ff71f745c0f062aeb658ec452
- SHA512
  
  a5ba7550a92f93ad2db44e40afb2f82f8f644c717ef44005b38c39e51f5a6f9820375bcc298353143b82913d0a056266bb7cbc910adeccb1f3796f470045ab3c
Score

6^/10

execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral3 behavioral4
- Target
  
  easy-service-1.0.11/bin/register-this-path.win10.bat
- Size
  
  77B
- MD5
  
  3e136a9b9973643280cb3152412a58bf
- SHA1
  
  784625d88b16b076c9a6c0e179bd02b06d6716a8
- SHA256
  
  4d336d48ddb64566d990d74702d4b6a7cd4d3c093dae95e7e6bfb23ee9482f5d
- SHA512
  
  b56292e56d4d2a5e5525854a71b67db11cb3f6a79acce89cd14e5c90de4ba9bf6ee332557a50c0ee01e020d292712b3e087fbf0156fed3641bfeaf25e4c5a33a
Score

6^/10

execution
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral5 behavioral6
- Target
  
  easy-service-1.0.11/bin/svc.exe
- Size
  
  38KB
- MD5
  
  5e1ace7b063fd9c49cca16a182053c6c
- SHA1
  
  40e079221565042110ba0bb453fdb3d8810fc8ae
- SHA256
  
  cd56c5fae7ba1cc06514abfd246036e6bff9bc1875d34d63f6c723227a510de5
- SHA512
  
  131d7d64e98624b642904d0b042a7b8791d625a3a329266858d52f00792c1b3dd7b2acf806e37ace340edbca0690a8240f9c435e1d44867679476074557f30c6
- SSDEEP
  
  768:n3uCbtbaYnkJp/LcYjHPRWDm4fqPItjJq:n3uCbtaYnkDcYjq3tjU
Score

1^/10
behavioral7 behavioral8
- Target
  
  easy-service-1.0.11/samples/csharp-version/worker/sample-worker.exe
- Size
  
  4KB
- MD5
  
  4376aa40d6448bcf8cd67343867a33f4
- SHA1
  
  14074bb4bf63f5d296624d9741e0256916e9ef8b
- SHA256
  
  8443a710970ec0cb63181dad2c05a48f29115074326083de3812227434c166fc
- SHA512
  
  89459918406b3d51a1f5c5f5497a2f39a9ccbc5d653a91e782cb10e851026a62c3e21a1251e38dc37e53635849c5f4b181a946d0ce0a4943bd5f5f9abf3e146e
- SSDEEP
  
  48:6AxEArrUE+4WKqWC5TRJglfl8cVllIllHrMPzriVOulUllLClmq8pfbNtm:SAvUE+4G4luVrc/+8LdzNt
Score

1^/10
behavioral10 behavioral9
- Target
  
  easy-service-1.0.11/samples/nodejs-version/worker/index.js
- Size
  
  440B
- MD5
  
  ed3ccfae8d97640d8e2b448276739814
- SHA1
  
  cfca20e0226df0ae4afc0cdc3d15324edef0e44b
- SHA256
  
  eb8926d0bed9813924f517676988de7597f081c826c789ff1623d9c4bd5648a8
- SHA512
  
  dfcb130b66f0dc2e5c660bd70a5729c3f259e218d205197693e12ae42873fe10454f912836c676d1d2071353a274c124f1ac60033dd6c5dc53e120c6870e50a2
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  easy-service-1.0.11/samples/python-version/worker/main.py
- Size
  
  586B
- MD5
  
  f4d5f6acff1bc14705ca20e47c62a8a0
- SHA1
  
  699aab3dea75e78346523a0fd4c89f08d78198bf
- SHA256
  
  5478d65f61c8b835f0479b4b22d09cbcb4e6353b55df910995c7ae88cb141a88
- SHA512
  
  a3ac57056a6ae2fff09789aa468cae00cb1d3cf08a9bdb33190f25dc5584808dc86e4b11d0ef2b1c40b2ffe85b8c800aa79a1bd453f2eeafd9f031b928b9f10d
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  easy-service-1.0.11/src/Conf.cs
- Size
  
  9KB
- MD5
  
  4690c9c1ffb3cc030fd5680329a0b6b9
- SHA1
  
  0f281082ae31a35a3c245e1681a9e5cec405611b
- SHA256
  
  6bb9468cc892c445dadba2e77d188a4c8185134305681cf8fc4f5b045485d922
- SHA512
  
  48a27251fc49e76234b46639d82c8a954358001b4926e303e21af271c781a0702f417e99241126ed12be909a732022a3867f342f235cd420cefdf2a735940340
- SSDEEP
  
  192:D+z1aa0DzzR7L55yg5QBAJuSRvCba73kzQj7rofU8zs0B:D+z1aa0DJ7Fay8a7sf
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  easy-service-1.0.11/src/Libs.cs
- Size
  
  14KB
- MD5
  
  21748d4eb26a657a90cfd9b5f1f6ffed
- SHA1
  
  416a28d96fcf47032cbe305badedf1e85ec8e090
- SHA256
  
  f960e72960981936d354936cbd65f75e42cabcf9098ae56587df0ed926747d70
- SHA512
  
  15759b3da99eba543cfec1a19b9ee2d816b6347c569d973f05b5a5de217083ce2d233a25bee82d99b56a5e67528ef30d737cb7a548f26a03dc1b6eb9905d540c
- SSDEEP
  
  192:H01qxzKE4zBoEGgGlaQyQKJlqVxyDJZQlk5rl6fw/4sBR8LLV+Op6RSyHShagTUy:H017WEhGwKwJZQyYwpU/KbShXvb2KP
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  easy-service-1.0.11/src/Main.cs
- Size
  
  5KB
- MD5
  
  b897f6eea9eb21fbedc649125e9f8fdc
- SHA1
  
  87c0154de51775e3200475a3e6a448b9bb9642d6
- SHA256
  
  861813b51ee351958ac5d0185fcc59e759aea1fb7bc52d20d852b5f4afa66cfd
- SHA512
  
  cecc7835d70e1e792111b1a069a3b536ffce83c150f1ab9f2cffc65676b4cb3a0b711b82417d31178c25873bea48d278cb6f36129563a1e04e9570ec2e9b5138
- SSDEEP
  
  96:JjPvBuZega8l6KJBW/aiKRsQtMkfLkmABTf:OCNKVFsf
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  easy-service-1.0.11/src/MyFileLogger.cs
- Size
  
  1KB
- MD5
  
  2ea479160f4c19c8d7f2b34a219403e4
- SHA1
  
  57735bdd9209301455f1fc8e8857c435f7487bf6
- SHA256
  
  5ffc0c61f6c1235d7c59a473c42c1f84412ea03d65d6fc242e50b82b9809efd9
- SHA512
  
  9998cfa17d9e07fdccf67651502645fa7844c97b94f8bc5aa049c17a0a1e6601e9cc27bcd81b08b4c95fb8a8f341621aeea6111638abcf57685c7c5140e6713c
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  easy-service-1.0.11/src/SampleWorker.cs
- Size
  
  747B
- MD5
  
  624a9656a0711de75e36b204110e7c28
- SHA1
  
  92ebbd9c93d2fb06129e4fda1edf2b96f6aa61af
- SHA256
  
  e3dd77b636b3735009aff8ea75577e4a8bfce81747cc0927aa77f140521120ed
- SHA512
  
  35226819bb396d185e7c54295c6c001e6301c6f08f31c2b1ba209b92539f157e857de61c88fe349951174c752bc6203ea7621b08804663a887de52b60a182601
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  easy-service-1.0.11/src/SvcUtils.cs
- Size
  
  11KB
- MD5
  
  80b40d562604f126c44fd987838ca55b
- SHA1
  
  aa930b4f3d66363bd9ddb420200040a943fcac9a
- SHA256
  
  5e556c9c0fc078f25fa4b1170fb05aaa5f379de1f7d9029fa00dacfb019dea09
- SHA512
  
  ab919ba50adf76de8e309917a5413f357dcc8d7b9b2393848561085de2c9786f5832cff06fb7f5f1db43aed72da7066fb1d69aa33ecd0688c372f02c36fab402
- SSDEEP
  
  192:ie8odLL5kni/pgr2rHbSsstAPPky3O23rmKW0sG2+ClyD8kZ/nk:ikLYinrHehEky373rgkpnk
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  easy-service-1.0.11/src/Worker.cs
- Size
  
  5KB
- MD5
  
  a8e69dd38a0c2be8d428677c26505307
- SHA1
  
  8222029c8957adcb43393f13fd7cd01822953495
- SHA256
  
  67873ec466089cd44251ba1dfeac33eac854f8f7d282dc858647d61805d33e21
- SHA512
  
  eb701533671b03fbfbb357f2fb8fa57a322f78408c2804d6e19efced4c5bd3bf6c27f957d050bb1310060913b8a0c06705c77864809bc7b5355b7148df18a82b
- SSDEEP
  
  96:JjNVutLv8o9CD82xSBUUKIud49n8CyCuRp0WEDFIoCDqFsILv:1g8GCD82xSBUUKBdCnPyCYhfoC56
Score

3^/10

execution
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28