24ea6b7f6e8f941bb616e24dc8b0abad3f11945704e1babaf38a7aeb0246d71f | Triage

Sharing

General

Target

24ea6b7f6e8f941bb616e24dc8b0abad3f11945704e1babaf38a7aeb0246d71f
Size

180KB
Sample

220919-np5lmaehd6
MD5

2d8462b9f8252c83bb461cd14010b2bd
SHA1

a05fa49c558fa2e6439a814d72056fc9b3a748d8
SHA256

24ea6b7f6e8f941bb616e24dc8b0abad3f11945704e1babaf38a7aeb0246d71f
SHA512

10698b5e857c9fe6d6a40791c5b01a12b610d6760053c6c44353d2d735e8c98f0446e302b712232bf81f93bf3a06bb1efd565206ef4a0807fb3fbd82e1ba2845
SSDEEP

3072:pXvTb0Y5FmB3nF7WZvr3OBCR+L550cmZ9Sm4vQeVDjee3RpMOGPv:pfMQFmB3nF7Whr3OBCITagbJDjee3Rpg

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  24ea6b7f6e8f941bb616e24dc8b0abad3f11945704e1babaf38a7aeb0246d71f
- Size
  
  180KB
- MD5
  
  2d8462b9f8252c83bb461cd14010b2bd
- SHA1
  
  a05fa49c558fa2e6439a814d72056fc9b3a748d8
- SHA256
  
  24ea6b7f6e8f941bb616e24dc8b0abad3f11945704e1babaf38a7aeb0246d71f
- SHA512
  
  10698b5e857c9fe6d6a40791c5b01a12b610d6760053c6c44353d2d735e8c98f0446e302b712232bf81f93bf3a06bb1efd565206ef4a0807fb3fbd82e1ba2845
- SSDEEP
  
  3072:pXvTb0Y5FmB3nF7WZvr3OBCR+L550cmZ9Sm4vQeVDjee3RpMOGPv:pfMQFmB3nF7Whr3OBCITagbJDjee3Rpg
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2