ac4c2057efb4137e73e07b5f2706abbec548ba6c526d8fe12645e35c29345ad0 | Triage

Sharing

General

Target

SecuriteInfo.com.W32.MSIL_Kryptik.EWM.genEldorado.30775.5137
Size

1.3MB
Sample

210721-s9bv3mrjr6
MD5

8d4f45dd9a5b28f07fd1e3b1067de4b0
SHA1

a26b4056669b0866d248e6c5a6a29de4f41314ef
SHA256

ac4c2057efb4137e73e07b5f2706abbec548ba6c526d8fe12645e35c29345ad0
SHA512

aa577b037371b8c4695e4d12a0d45553584602dd00a475037ae8f42ee360b40dc5fa6309242ccc2b8a282f43144e75e8d0785fb7bc8e2919570977fa1794fdca

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  SecuriteInfo.com.W32.MSIL_Kryptik.EWM.genEldorado.30775.5137
- Size
  
  1.3MB
- MD5
  
  8d4f45dd9a5b28f07fd1e3b1067de4b0
- SHA1
  
  a26b4056669b0866d248e6c5a6a29de4f41314ef
- SHA256
  
  ac4c2057efb4137e73e07b5f2706abbec548ba6c526d8fe12645e35c29345ad0
- SHA512
  
  aa577b037371b8c4695e4d12a0d45553584602dd00a475037ae8f42ee360b40dc5fa6309242ccc2b8a282f43144e75e8d0785fb7bc8e2919570977fa1794fdca
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2