comrat | 3ddc41eaf0ca6504fb7971f90fb8fc3a3b90f3ba4cf4c8cff047b650cf1da9ba | Triage

Sharing

General

Target

3ddc41eaf0ca6504fb7971f90fb8fc3a3b90f3ba4cf4c8cff047b650cf1da9ba
Size

7.2MB
Sample

250227-l4eyeavlx8
MD5

a0a94bae5bd7e8b2e61bbb23fe53d4e0
SHA1

fe72ebebfd8aaea12744e9aaf9a159864edacc56
SHA256

3ddc41eaf0ca6504fb7971f90fb8fc3a3b90f3ba4cf4c8cff047b650cf1da9ba
SHA512

de6a97b16fbf0c0344127a9e8370c62099c84fc6fcae4b0e46befb33aa68e34b5d14dbb5dc504218302ffe1cb3c8eea35f5d03ea76f82ce6280437ccbfad609f
SSDEEP

49152:EJrrr9q0v4ubJmg4OFuwkOM5NZihx9rz2TRjrgdOU9p1PZH/JNTFTJT5dwIwzQJw:4br0RCBNTBwAHvo

Score

10^/10

comrat defense_evasion discovery execution

Malware Config

Targets

- Target
  
  2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/00352afc7e7863530e4d68be35ae8b60261fc57560167645697b7bfc0ac0e93d
- Size
  
  60KB
- MD5
  
  e509c3a40045d2dab9404240f3f201ed
- SHA1
  
  86f747cac3b16ed2dab6d9f72a347145ff7a850d
- SHA256
  
  00352afc7e7863530e4d68be35ae8b60261fc57560167645697b7bfc0ac0e93d
- SHA512
  
  f78827b6fc258f4a63dd17fec2acb7114329a9d7fd426c72838f2e5e5c54c12fce7be7a0eb9c7e7e74b01fe80c42293ef89c3bcbafd230a68f9639e57f62bb6f
- SSDEEP
  
  1536:zlAjaBOUFoD0C8YQ7aZS7C2kkAxWzg39xa3cdjrH++:zl2uOUG0CBQ7aZS7C3uzg39xEM
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/134919151466c9292bdcb7c24c32c841a5183d880072b0ad5e8b3a3a830afef8
- Size
  
  4.1MB
- MD5
  
  65419948186842f8f3ef07cafb71f59a
- SHA1
  
  93537b0814177e2101663306aa17332b9303e08a
- SHA256
  
  134919151466c9292bdcb7c24c32c841a5183d880072b0ad5e8b3a3a830afef8
- SHA512
  
  83d093c6febacb11fcde57fee98c2385f628e5cd3629bfabd0f9e4d2c5de18c6336b3d3aff8081b06a827e742876d19ae370e81890c247daac73d4f8b7ea5f90
- SSDEEP
  
  24576:+vq2EYNg0gX792UHDoSe9Ov2a8p+JnHZUoWYWUpcfm3WuPhu/aqJOFKs4Wuw054o:Drr9q0v4ubJmg4OFuwkOM5NZihxs
Score

6^/10

defense_evasion execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
- Obfuscated Files or Information: Fileless Storage
  Fileless storage can be broadly defined as any format other than a file.
  defense_evasion
behavioral3 behavioral4
- Target
  
  2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/166b1fb3d34b32f1807c710aaa435d181aedbded1e7b4539ffa931c2b2cdd405
- Size
  
  62KB
- MD5
  
  54902e33dd6d642bc5530de33b19e43c
- SHA1
  
  a06f0e29fca6eb29bf5334fb3b84a872172b0e28
- SHA256
  
  166b1fb3d34b32f1807c710aaa435d181aedbded1e7b4539ffa931c2b2cdd405
- SHA512
  
  28b8f63af33f4aebd2b5b582750036db718f657640aca649d4b2b95188661da3834398a56184ee08f64ddf1d32198e722be46dbfbc78e49e0d276fe6c5234b94
- SSDEEP
  
  1536:p2JmzHKhyOjQuCLA/9zYgJS7aWSXEuT2XWZdjoEGbgqPU6Izj6N1o6OtAEBiUm5+:p2JmcjQuCLA/VYgJS7H21yXQdj5G0qMy
Score

1^/10
behavioral5 behavioral6
- Target
  
  2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/44d6d67b5328a4d73f72d8a0f9d39fe4bb6539609f90f169483936a8b3b88316
- Size
  
  1.7MB
- MD5
  
  faaafa3e115033ba5115ed6a6ba59ba9
- SHA1
  
  ca16a95cd38707bad2dc524bb3086b3c0cb3e372
- SHA256
  
  44d6d67b5328a4d73f72d8a0f9d39fe4bb6539609f90f169483936a8b3b88316
- SHA512
  
  6f2fe02c1e15be2409f89ff1e6ae3c78f87e242ee448fe5ff6d375a74f10c7c6cc01f3f6d796aa34599a891e03c5d421d10f0c041e5a6dc0e346aea3ae21a935
- SSDEEP
  
  49152:jTRjrgdOU9p1PZH/JNTFTJT5dwIwzQJH:PRCBNTBwAH
Score

1^/10
behavioral7 behavioral8
- Target
  
  2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/a3170c32c09fc85cdda778a5c20a3dab144b6d1dd9996ba8340866e0081c7642
- Size
  
  1.2MB
- MD5
  
  0fd79f4c60593f6aae69ff22086c3bb0
- SHA1
  
  07f0692c856703d75a9946a0fbb3c0db03f7ac40
- SHA256
  
  a3170c32c09fc85cdda778a5c20a3dab144b6d1dd9996ba8340866e0081c7642
- SHA512
  
  28a0ae0a779aa88499f70cf97ef9db9482527017ea76ee2e469e4184684c4d4fb0559e50f1721e7e9d02655bee4cdf7b12c62a3d037ea10130121cfbb772e250
- SSDEEP
  
  24576:jarQlVyeHtWdf7PyJjwLKWp57+7fb0TLaB7VrE:jD567vs1tm
Score

3^/10

execution
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Fileless Storage

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

defense_evasionexecution

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10