561c8a236123c746e966aeae0a71bd2a15bbbf7f5e42dc84bb97f791afca3451 | Triage

Sharing

General

Target

561c8a236123c746e966aeae0a71bd2a15bbbf7f5e42dc84bb97f791afca3451
Size

344KB
Sample

220725-gfycmahchq
MD5

0494ee7f42635a1016a9f3545d7bdb83
SHA1

975a1764e0a233b1df60c7cc96897076546daaa9
SHA256

561c8a236123c746e966aeae0a71bd2a15bbbf7f5e42dc84bb97f791afca3451
SHA512

dbf69fdd20c06f4d221ac2e85cc59f2e2c91d46396ca13539918d6d2301c0cc1d3be39c82c6d59d7f7db864ea08d9d9d682ecb9b5aa9180bf858674806756120

Score

10^/10

discovery suricata

Malware Config

Targets

- Target
  
  561c8a236123c746e966aeae0a71bd2a15bbbf7f5e42dc84bb97f791afca3451
- Size
  
  344KB
- MD5
  
  0494ee7f42635a1016a9f3545d7bdb83
- SHA1
  
  975a1764e0a233b1df60c7cc96897076546daaa9
- SHA256
  
  561c8a236123c746e966aeae0a71bd2a15bbbf7f5e42dc84bb97f791afca3451
- SHA512
  
  dbf69fdd20c06f4d221ac2e85cc59f2e2c91d46396ca13539918d6d2301c0cc1d3be39c82c6d59d7f7db864ea08d9d9d682ecb9b5aa9180bf858674806756120
Score

10^/10

discovery suricata
- suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
  suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
  suricata
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverysuricata

behavioral2