General

  • Target

    3d5e32b4b26d404337d2ae3276029fc069159e67

  • Size

    6.3MB

  • Sample

    241109-yxq4ba1era

  • MD5

    b43c9bd4a44f5b1ea78b2e77e97dc16a

  • SHA1

    3d5e32b4b26d404337d2ae3276029fc069159e67

  • SHA256

    8a2318758171d7ed4d6f1732bf8606fb7c14049b15128babf55dd61e9b7422e4

  • SHA512

    ffe0b988646e39b61bf0a8244dc00eb666a631f390c2f9195c731ffcb39314283e3ddbeb1ff678d09b14bfa5a4703576e150de3e2437edc57bcd3d1dd53ef96d

  • SSDEEP

    49152:oBOZB05ydBveP6LYo4/iB8nQTIDMsLMmPQyIxiyFioTd3NCWpG4Vpw:6SMMBveMYb/iE3MmPx0TddCC

Score
8/10

Targets

    • Target

      3d5e32b4b26d404337d2ae3276029fc069159e67

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    • Target

      .enigma2

    • Size

      280KB

    • MD5

      040212ac1dc3eba329c9eca081020653

    • SHA1

      0cedbed4cf695e690ca160578abcae8dd954b85d

    • SHA256

      6a274b735a4bf406c621f33f96b1f870c8562536cb615d33e504a054e8af1729

    • SHA512

      a3a0872801b1913ad2d571e2131e250bf0eee26423dc08ea55a3f0f8af58bdd0b5bd020ac2a65725f136f954a7164877127049cb39471f3f4d27b6c3a214e08c

    • SSDEEP

      3072:cUPl/0jfkOMFRbjpWmA+iE+rLqRfh4X8Y51yroMnbdOUUyo4fhX2PXjG8BZUXC2u:DB0jDMFHWmABjO01yr/nVRxfp2PTGmt

    Score
    3/10
