f4846a6f5b3122080ec0cc8bd6b2fd4045938d4e3e4d6caeaa62be79c1a67a3d | Triage

Sharing

General

Target

f4846a6f5b3122080ec0cc8bd6b2fd4045938d4e3e4d6caeaa62be79c1a67a3d
Size

434KB
Sample

220521-xa6d2sefbq
MD5

9538f63bd71c8139b818f4c145a66446
SHA1

4215c3c843c2d99e2dcbbf80987d174efc6c09f9
SHA256

f4846a6f5b3122080ec0cc8bd6b2fd4045938d4e3e4d6caeaa62be79c1a67a3d
SHA512

db03ec76a5f21e89ad449aa8273c3e8c77d631c11bd2123a1285a953f5fcfcd7266b49d230af659bb88c5de8c4ed84d78cd1595e8e814a350332ab3b4e9f5f4b

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  PO #2604195144.exe
- Size
  
  1.5MB
- MD5
  
  5362972a62de7251db4a08a631b96459
- SHA1
  
  2e06cf0148a06bf79c3ef08d494dfc2da6f1176b
- SHA256
  
  8bb9b00853b7ad74a9e4c41b8974ab369d16e6289c9e9e933be5fe56539af2b1
- SHA512
  
  408c18b454f558e80f916b53a50ca0a4a0f466ba3d7c31d030b90fac1b8918bb3518940405d81be1447431d249c18f4afc2196628319e8c47276889a45c7787a
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2