4521b808bdef66ad187a6aed96eb2a853d60e758884b66aedf031cddf21a1fb4 | Triage

Sharing

General

Target

4521b808bdef66ad187a6aed96eb2a853d60e758884b66aedf031cddf21a1fb4
Size

276KB
Sample

191025-747am3jafs
MD5

7f94935ab9fa0923cbbd8f1a97e41d7a
SHA1

d975a4ec55b2a3efb5bcacdb70bc71efeabdb6d4
SHA256

4521b808bdef66ad187a6aed96eb2a853d60e758884b66aedf031cddf21a1fb4
SHA512

65138678f940c546653db648eb5378d142691bc081d5927d3da858b1e8ec2e6dd7c34ef7a2b4142806f316e842efc6a2e1685e70ce7d0b683215108a7b9b09ee

Score

7^/10

Malware Config

Targets

- Target
  
  4521b808bdef66ad187a6aed96eb2a853d60e758884b66aedf031cddf21a1fb4
- Size
  
  276KB
- MD5
  
  7f94935ab9fa0923cbbd8f1a97e41d7a
- SHA1
  
  d975a4ec55b2a3efb5bcacdb70bc71efeabdb6d4
- SHA256
  
  4521b808bdef66ad187a6aed96eb2a853d60e758884b66aedf031cddf21a1fb4
- SHA512
  
  65138678f940c546653db648eb5378d142691bc081d5927d3da858b1e8ec2e6dd7c34ef7a2b4142806f316e842efc6a2e1685e70ce7d0b683215108a7b9b09ee
Score

7^/10
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Drops Office document
  dropper exploiter maldoc
- Modifies service
  persistence
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2