d8befd7bb30fce4c3a1cd9a3e35b16859cd8f9c5a2e7385f7fd1825dfd93ca9c | Triage

Sharing

General

Target

d8befd7bb30fce4c3a1cd9a3e35b16859cd8f9c5a2e7385f7fd1825dfd93ca9c.exe
Size

781KB
Sample

241121-klaqaszqht
MD5

94714aa15ec11620268486da725ac377
SHA1

6a2d1465c0e6985d81d8a2557b4040fbea3df54d
SHA256

d8befd7bb30fce4c3a1cd9a3e35b16859cd8f9c5a2e7385f7fd1825dfd93ca9c
SHA512

2109cabaf033a01c69e50aec8458ee45927bc419a27cd653b8d9ea549fb4b1f08a1203b6c33687da05a37310b9644275a836f64c0b3c9647bbf7ed0ae3b97c0a
SSDEEP

24576:eQBz94hX31iBQTzN/R/6MIVHIRZtphp1Ht:t9lQte5IBpT1N

Score

8^/10

collection discovery execution

Malware Config

Targets

- Target
  
  d8befd7bb30fce4c3a1cd9a3e35b16859cd8f9c5a2e7385f7fd1825dfd93ca9c.exe
- Size
  
  781KB
- MD5
  
  94714aa15ec11620268486da725ac377
- SHA1
  
  6a2d1465c0e6985d81d8a2557b4040fbea3df54d
- SHA256
  
  d8befd7bb30fce4c3a1cd9a3e35b16859cd8f9c5a2e7385f7fd1825dfd93ca9c
- SHA512
  
  2109cabaf033a01c69e50aec8458ee45927bc419a27cd653b8d9ea549fb4b1f08a1203b6c33687da05a37310b9644275a836f64c0b3c9647bbf7ed0ae3b97c0a
- SSDEEP
  
  24576:eQBz94hX31iBQTzN/R/6MIVHIRZtphp1Ht:t9lQte5IBpT1N
Score

8^/10

discovery execution collection
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Koffeinfrit/squamae.com
- Size
  
  323KB
- MD5
  
  f3705d740dca8d46b5a48d60c835e2a1
- SHA1
  
  9e80cf8669c2a6680be5aeee5e84b7bfb55e04e3
- SHA256
  
  87b08ea9d89bc023be4a6cef3ca5b74dac237a35173651c31e8b19062c427064
- SHA512
  
  6c5b39ccba3d187dbc2cd14620cbde9bdc778cc59cf96c5f8900b3cc40099a0c66e7ecb5cd30203a7d71bf183f9b2e49bb582a632ae12cf94a62232548d4687c
- SSDEEP
  
  768:tJCG3Zp6ICBp3uKWDL9e7LZSQvwthb++dk5MJKUe4ZCGKtnyuwvKZGye8HBdEmTN:tJ3u2two+KyomXrv4BxnU7cjkE+8
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

collectiondiscoveryexecution

behavioral3

behavioral4