06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515 | Triage

Resubmissions

04/11/2024, 06:18

241104-g228pswbjh 10

29/01/2022, 20:03

220129-ys4hvahda5 8

Sharing

General

Target

06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
Size

335KB
Sample

220129-ys4hvahda5
MD5

114551a87fa332a243fc05b7246309b9
SHA1

3596aaec2e1703545b104f74b14998cf90123952
SHA256

06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
SHA512

1641c0cab72f4a91c1e0503c4a6153385a79c3632550317dfbb0c4f5fcc85806c94f67d6a93a455988751046d691786c42476e7d04745686337cfa2917f7cf1c

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
- Size
  
  335KB
- MD5
  
  114551a87fa332a243fc05b7246309b9
- SHA1
  
  3596aaec2e1703545b104f74b14998cf90123952
- SHA256
  
  06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
- SHA512
  
  1641c0cab72f4a91c1e0503c4a6153385a79c3632550317dfbb0c4f5fcc85806c94f67d6a93a455988751046d691786c42476e7d04745686337cfa2917f7cf1c
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2