Overview

overview

8

Static

static

Ficha OMS ...os.exe

windows7_x64

8

Ficha OMS ...os.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ficha OMS - Reserva Medicos.exe

  • Size

    703KB

  • Sample

    200712-166ae9l36j

  • MD5

    e6e25bc559a331c79f173920071e4f8e

  • SHA1

    ca4681b1f0f8fe4c2f8d142a85b08e56307a8f65

  • SHA256

    b5e39716f576e5ff21e945560a98ee7ca7309491b2b7f2643728cd341b9c19de

  • SHA512

    b3cd1b2da11bb8a7432e1451d9ff23a08145d0ace05fd7e99da11eeb6dddfd8039aed2b5e6087dc8027c0a2b7705761fe32347b4a2126c1e4c06cfb346279150

Score
8/10

Malware Config

Targets

    • Target

      Ficha OMS - Reserva Medicos.exe

    • Size

      703KB

    • MD5

      e6e25bc559a331c79f173920071e4f8e

    • SHA1

      ca4681b1f0f8fe4c2f8d142a85b08e56307a8f65

    • SHA256

      b5e39716f576e5ff21e945560a98ee7ca7309491b2b7f2643728cd341b9c19de

    • SHA512

      b3cd1b2da11bb8a7432e1451d9ff23a08145d0ace05fd7e99da11eeb6dddfd8039aed2b5e6087dc8027c0a2b7705761fe32347b4a2126c1e4c06cfb346279150

    Score
    8/10

    • Blacklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks