Overview

overview

8

Static

static

TT-4.exe

windows7_x64

8

TT-4.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TT-4.exe

  • Size

    307KB

  • Sample

    210627-ptyyendgzx

  • MD5

    19295d360b9ca2678d757d87d9445a65

  • SHA1

    ac9d2e9364f8914004af53406627e04fc8ce2b9d

  • SHA256

    f6baf2cbb7e86d3c1e140b0cc62dec7de55cc5359eeee7eda6f21ce0a00c13e9

  • SHA512

    25af690a903a1cac3716bfe347dd5ef3f68b2cf5da227603b37d003e47a0b6394a77d69b48a9b430cbbbf9f309a4c8eff3eee58d13326b99c755d399c892c156

Score
8/10
persistence

Malware Config

Targets

    • Target

      TT-4.exe

    • Size

      307KB

    • MD5

      19295d360b9ca2678d757d87d9445a65

    • SHA1

      ac9d2e9364f8914004af53406627e04fc8ce2b9d

    • SHA256

      f6baf2cbb7e86d3c1e140b0cc62dec7de55cc5359eeee7eda6f21ce0a00c13e9

    • SHA512

      25af690a903a1cac3716bfe347dd5ef3f68b2cf5da227603b37d003e47a0b6394a77d69b48a9b430cbbbf9f309a4c8eff3eee58d13326b99c755d399c892c156

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks