06521c5730af4efc5e8c6d9517e6da154bc653131dc22af44271d740b45ae7eb | Triage

Sharing

General

Target

yhhljgxudqeyowcinyde44154280653.zip
Size

5.3MB
Sample

220201-y65ytsbcfl
MD5

aedba99f0502f4dba07145ad6b161feb
SHA1

57b09bf79cc216de98ef787b5112ad1351b4f316
SHA256

06521c5730af4efc5e8c6d9517e6da154bc653131dc22af44271d740b45ae7eb
SHA512

2e077507859397b2d989a77ad4f8c8038c14262c791128f4604330a4a059b92b5d12d343a8df3f032d226b85a2f020dfbf638cfe1b579d40b6309ee0985f6bf6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  yhhljgxudqeyowcinyde44154280653/db.log
- Size
  
  952KB
- MD5
  
  64dc543f839f52eb26f658585332b48b
- SHA1
  
  1207a7232c78c381cb6bacfa3d5485df2b5e59d3
- SHA256
  
  cd7d5c9b8ce5d3d51a813a8e957fbfbfde426f159aa584937e35a8e057b24c8e
- SHA512
  
  eb3f427e6a6ee3b4525f44ac412a2b4c64b76ac3efdaa0c2fa3f0dfbe5a1afd7052f78691ebd54c2cc0dcff02a3655b9e75b9d6de46a1bac4db38d1770e7512a
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  yhhljgxudqeyowcinyde44154280653/db/userinitUI.dll
- Size
  
  15KB
- MD5
  
  c6640126032a4ddcdaadf264b6b9b961
- SHA1
  
  ce6be849ec4bd62743dc48a3b2d47373a078ee2b
- SHA256
  
  e049855b8561c9f68889113362cbed470649db2575ee804e28474d1ee65827de
- SHA512
  
  2e8675451dc87d2d80294df791c0ddd7978d9204a4062da1694ead183ad0fcdb28eeea1f8a4b11606892ce740758ea821d7025751ac93dd0224697afbc12bb30
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral3 behavioral4
- Target
  
  yhhljgxudqeyowcinyde44154280653/log
- Size
  
  73KB
- MD5
  
  50e4ca3324fa01c3292ce82924a7400e
- SHA1
  
  7adfd487807bc2802bbb48d4d225c0f51a893e27
- SHA256
  
  fb6dd22ce7cb0a866a8810d30c4706eccfc58c6ff0599a1fc62cc2138f1378b2
- SHA512
  
  1c74763b9347bb953726fb419a4b88c24d4944a4de44b499f677ce2f3fe1b08e9eb9902c66d2b6785b1387263acedc834668421ff680312f1c8ae90f34020822
Score

1^/10
behavioral5 behavioral6
- Target
  
  yhhljgxudqeyowcinyde44154280653/smss.exe
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral7 behavioral8
- Target
  
  yhhljgxudqeyowcinyde44154280653/sqlite3.dll
- Size
  
  910KB
- MD5
  
  def2572ccae7f518bd9d30f37b2fed04
- SHA1
  
  eaec1754a69c50eac99e774b07ef156a1ca6de06
- SHA256
  
  b712286d4d36c74fa32127f848b79cfb857fdc2b1c84bbbee285cf34752443a2
- SHA512
  
  f6183e6b7989cfc342f28074e0c79223765a5995e04e5e1e9d2c6edd12837bf5a825a0800f2941c3c7eedc37258052fd72fd7f1421d88c426666a30b4436aa4a
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral9 behavioral10
- Target
  
  yhhljgxudqeyowcinyde44154280653/userinit.exe
- Size
  
  162KB
- MD5
  
  c7575c57dd0b3e1d93b98f22281120ce
- SHA1
  
  6742c7a8f91bc1ad06908767b1bb01302f457bd3
- SHA256
  
  456be13b7bfd64a3046e06e6732880d99214669bc2c0d648e4ecffd83f9f75a5
- SHA512
  
  7186f700db928264bd98999732df0af1e14e4015c90658302612c166469e7a19432e3f23a2516c3be1449cf7b15cd6e957b187380598ce81bb29e719be58328b
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12