4990dab91421d71f4008a56b6286d389ee0ad1291aa6c52eb5265181a83a6dd0 | Triage

Sharing

General

Target

4990dab91421d71f4008a56b6286d389ee0ad1291aa6c52eb5265181a83a6dd0
Size

423KB
Sample

220712-tscmxahgbm
MD5

465684a387882a2967ab06480bbd5e41
SHA1

ca5de6208c51538cfd9658db7831194fc4ee928a
SHA256

4990dab91421d71f4008a56b6286d389ee0ad1291aa6c52eb5265181a83a6dd0
SHA512

bab8fa9a91a88ea7bdd814d2b0046586c7d4b845d750af00b50b147db3b25ba4fabc3bacc2f78b1cd361c45ed585f0cd69d7c3ac7a9b21bfa4ecbbcc42d4b088

Score

10^/10

persistence suricata

Malware Config

Targets

- Target
  
  4990dab91421d71f4008a56b6286d389ee0ad1291aa6c52eb5265181a83a6dd0
- Size
  
  423KB
- MD5
  
  465684a387882a2967ab06480bbd5e41
- SHA1
  
  ca5de6208c51538cfd9658db7831194fc4ee928a
- SHA256
  
  4990dab91421d71f4008a56b6286d389ee0ad1291aa6c52eb5265181a83a6dd0
- SHA512
  
  bab8fa9a91a88ea7bdd814d2b0046586c7d4b845d750af00b50b147db3b25ba4fabc3bacc2f78b1cd361c45ed585f0cd69d7c3ac7a9b21bfa4ecbbcc42d4b088
Score

10^/10

persistence suricata
- suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
  suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

persistencesuricata