801f91b149ccc94aef57d7052af2a68663c9549d538ef47f9d657e68b556a207 | Triage

Sharing

General

Target

801f91b149ccc94aef57d7052af2a68663c9549d538ef47f9d657e68b556a207.exe
Size

761KB
Sample

241102-g13g3sykbx
MD5

8c66851a94f593031f78c4b0139aa0fe
SHA1

77d44ebb62b4acb59cbbab47151de0260fa77889
SHA256

801f91b149ccc94aef57d7052af2a68663c9549d538ef47f9d657e68b556a207
SHA512

72896b71f972dff1bd911662f4beb86fccfcc6882588b1559708e973f6295c778938eb264103fb6286145a2e7ecf08eeed928f4d83d73c39807323beb75a0f2f
SSDEEP

12288:MtGsQ1W0NUtsQJdrOpAiocgBRvZBQMI0csim3504+Np2KkA912soI5qJy+6HTmMD:1sQst5PapBfSRvZ2acs9504+v11pBqJ6

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://uberinho.top/js/signed.exe

Targets

- Target
  
  801f91b149ccc94aef57d7052af2a68663c9549d538ef47f9d657e68b556a207.exe
- Size
  
  761KB
- MD5
  
  8c66851a94f593031f78c4b0139aa0fe
- SHA1
  
  77d44ebb62b4acb59cbbab47151de0260fa77889
- SHA256
  
  801f91b149ccc94aef57d7052af2a68663c9549d538ef47f9d657e68b556a207
- SHA512
  
  72896b71f972dff1bd911662f4beb86fccfcc6882588b1559708e973f6295c778938eb264103fb6286145a2e7ecf08eeed928f4d83d73c39807323beb75a0f2f
- SSDEEP
  
  12288:MtGsQ1W0NUtsQJdrOpAiocgBRvZBQMI0csim3504+Np2KkA912soI5qJy+6HTmMD:1sQst5PapBfSRvZ2acs9504+v11pBqJ6
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecution