c174581cc24568d8536ad6b30cf6e99421af42f9905b04b3cae06505321a9d70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c174581cc24568d8536ad6b30cf6e99421af42f9905b04b3cae06505321a9d70
Size

277KB
Sample

220919-t7bddscgdm
MD5

c71169080728d29c2b64742e592d59de
SHA1

a53c1ff551073b5fad49dd72a1e8d85c3894f405
SHA256

c174581cc24568d8536ad6b30cf6e99421af42f9905b04b3cae06505321a9d70
SHA512

67d99a59f65ac710e9a15299e4c39c8249f3d5b870069f8e507087b8ac9e3a8766e7f79149ad7cfb29fb2340b05389b33e370c0a1f8ccebd138a05fee29465b3
SSDEEP

3072:r54a/hIdKf8TfmRgq2QI39d7P3pjTvcEOgDX/XA4mbaARY5MTF9vKYKC1IkXuJxT:9pudlTfLF5vzA4sav5apKYKb2hfDd+T

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c174581cc24568d8536ad6b30cf6e99421af42f9905b04b3cae06505321a9d70
- Size
  
  277KB
- MD5
  
  c71169080728d29c2b64742e592d59de
- SHA1
  
  a53c1ff551073b5fad49dd72a1e8d85c3894f405
- SHA256
  
  c174581cc24568d8536ad6b30cf6e99421af42f9905b04b3cae06505321a9d70
- SHA512
  
  67d99a59f65ac710e9a15299e4c39c8249f3d5b870069f8e507087b8ac9e3a8766e7f79149ad7cfb29fb2340b05389b33e370c0a1f8ccebd138a05fee29465b3
- SSDEEP
  
  3072:r54a/hIdKf8TfmRgq2QI39d7P3pjTvcEOgDX/XA4mbaARY5MTF9vKYKC1IkXuJxT:9pudlTfLF5vzA4sav5apKYKb2hfDd+T
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1