c21127aadac9b81dd678971dc27c4bcace5682fa2c8fe08caade0a75cf464d21 | Triage

Sharing

General

Target

xera.rar
Size

3.1MB
Sample

250325-rayrbaxscs
MD5

b7b51c74ed6ac2f98b59c93b709c190b
SHA1

6904c888c8467d6d39ccccddcff053769b7d38b3
SHA256

c21127aadac9b81dd678971dc27c4bcace5682fa2c8fe08caade0a75cf464d21
SHA512

906431208a9a5eda48ea59f88c44281713c23db657d173322101a8ef914ad9cf39b22d43d2335a901fe90258d37a75f3f97e1de95e06751c81cfec2d4740016d
SSDEEP

98304:Y+JNTHI2F613L+wtrsmyVBF/nhk0Y41fHMQCgoN:Y+zt6NH5smyRP5YWsQCgoN

Score

7^/10

agilenet discovery

Malware Config

Targets

- Target
  
  xera.rar
- Size
  
  3.1MB
- MD5
  
  b7b51c74ed6ac2f98b59c93b709c190b
- SHA1
  
  6904c888c8467d6d39ccccddcff053769b7d38b3
- SHA256
  
  c21127aadac9b81dd678971dc27c4bcace5682fa2c8fe08caade0a75cf464d21
- SHA512
  
  906431208a9a5eda48ea59f88c44281713c23db657d173322101a8ef914ad9cf39b22d43d2335a901fe90258d37a75f3f97e1de95e06751c81cfec2d4740016d
- SSDEEP
  
  98304:Y+JNTHI2F613L+wtrsmyVBF/nhk0Y41fHMQCgoN:Y+zt6NH5smyRP5YWsQCgoN
Score

7^/10
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Guna.UI.dll
- Size
  
  1.1MB
- MD5
  
  8673eae95d67e5eb19f0eca3111408e8
- SHA1
  
  ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
- SHA256
  
  576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
- SHA512
  
  65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
- SSDEEP
  
  24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score

1^/10
behavioral3 behavioral4
- Target
  
  Guna.UI2.dll
- Size
  
  2.3MB
- MD5
  
  b7cf1039d089511ff4594d0796dc966b
- SHA1
  
  e41d50c48f5381da01ed43967d1024fdaaeedd81
- SHA256
  
  9143707613cfa106fc4d7177e6e9f8a544738989b6167cd6578101f1bdb0927a
- SHA512
  
  6627a7a810c78a94ff1d52b14d071f8aabd71a2e6b521d2fcea7d865d94f5bcb1dd890f1b93b292035b20127507e32c11c215268e00510e5bf28c6132a4ce2a4
- SSDEEP
  
  49152:DpR548WTt9kUHdvAmZL0Th+1n9fr2flQChRigKw1:54JErh0gz1
Score

1^/10
behavioral5 behavioral6
- Target
  
  Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  2474124f9a70301411e5a42caa0225f6
- SHA1
  
  23c561479001148931601b14889d0c10c1420e85
- SHA256
  
  283346e95883d2c51743b725ecd41f2afd97adbbf86ec9d9735072505d5726b4
- SHA512
  
  a4c798779674fefde60b87cb7b57f1b7b723649189ce7f89e6993b1ee84e84c18eb5f97fce4a531fe8f361fa4ecda79e482f57f695b968e9543345cc40e321ff
- SSDEEP
  
  24576:RVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:H8NlaVeuHF
Score

1^/10
behavioral7 behavioral8
- Target
  
  xerav1.exe
- Size
  
  2.7MB
- MD5
  
  72cd201b0337aa38fa3f1ea09185406c
- SHA1
  
  c7f3b87cc40d2a50c2b54668a2cf1ee73a88d001
- SHA256
  
  f6575d9c6353c6d94526a2fb912087c0ca13dcf3938cfa9752bc4fc0b61a684f
- SHA512
  
  53d666f300df08d2f510f7ab3222646ae278c384b90fc51e8e55211253693f0ad6974e650ef6eb238bb79a11fbcd2339a39605c16ecad583a402724e39ea2ed7
- SSDEEP
  
  24576:OejiBEv+aBZ/Rm2w+Yt0c+UF2UTxj/AVURxgr9f9aOEIxfDHRgOmaEopu02:uq+yRwIlwF6B1
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10