Overview

overview

8

Static

static

5e6f43e626...50.exe

windows7-x64

8

5e6f43e626...50.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e6f43e6260ee03b35c010f90909108a0b2cba96615ac1174d5e373d09c02050

  • Size

    323KB

  • Sample

    220919-xt7ffsdee7

  • MD5

    0a646c7eddb377017672fd782a89c081

  • SHA1

    e39e1758fbb1a10b94e1e5dfdd2a6849fa66901e

  • SHA256

    5e6f43e6260ee03b35c010f90909108a0b2cba96615ac1174d5e373d09c02050

  • SHA512

    50dbe326b60716554615daf9cf68f82a189d67bb3f84739251d8aa85ca1ea282e8a2d017dd04d6b4edf907f415979589b19a0aa8fcfd72b1f34edb96628580b9

  • SSDEEP

    6144:Dqfawfwd99vxoYC7+Li9IBCiiortLeY9ZvLmE7JWAN:Wfaos9DodvorsYzCQJBN

Score
8/10
persistence

Malware Config

Targets

    • Target

      5e6f43e6260ee03b35c010f90909108a0b2cba96615ac1174d5e373d09c02050

    • Size

      323KB

    • MD5

      0a646c7eddb377017672fd782a89c081

    • SHA1

      e39e1758fbb1a10b94e1e5dfdd2a6849fa66901e

    • SHA256

      5e6f43e6260ee03b35c010f90909108a0b2cba96615ac1174d5e373d09c02050

    • SHA512

      50dbe326b60716554615daf9cf68f82a189d67bb3f84739251d8aa85ca1ea282e8a2d017dd04d6b4edf907f415979589b19a0aa8fcfd72b1f34edb96628580b9

    • SSDEEP

      6144:Dqfawfwd99vxoYC7+Li9IBCiiortLeY9ZvLmE7JWAN:Wfaos9DodvorsYzCQJBN

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks