General

  • Size: 2MB
  • Sample: 220923-g2z4cahcem
  • MD5: 81b999918d94285ca5791aed3c8157fe
  • SHA1: 2578c47353c13cf28468518c79ee5a035beed760
  • SHA256: 5917eaf394a1ef0e1dc0cdb4a00260efbf51d1ea20d48ab68f7325cfe4b3ad04
  • SHA512: e7b92ccfe60142ea4e2605397104e5f0628c78431ff56a69a4868645b05444ece53679db26a724856f8c4c65d39017c51a467a27714b95f5aceee211ac70734e

Score
10/10

Malware Config

Targets

    • Target: Install.exe
    • Size: 2MB
    • MD5: 81b999918d94285ca5791aed3c8157fe
    • SHA1: 2578c47353c13cf28468518c79ee5a035beed760
    • SHA256: 5917eaf394a1ef0e1dc0cdb4a00260efbf51d1ea20d48ab68f7325cfe4b3ad04
    • SHA512: e7b92ccfe60142ea4e2605397104e5f0628c78431ff56a69a4868645b05444ece53679db26a724856f8c4c65d39017c51a467a27714b95f5aceee211ac70734e

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
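The four digests listed for Install.exe are the indicators a responder would carry into a file-system sweep. The following Python is an added example, not part of the sandbox report: it sanity-checks the report's hashes (length and hex alphabet, which catches a truncated copy-paste), hashes a file once while feeding every chunk to all four algorithms, and reports which digests agree with the report. Matching is deliberately all-or-nothing in is_reported_sample so that a collision-prone MD5 match alone is not treated as identification. The stand-in file written under __main__ is constructed for the demonstration and is not the real sample, so it is expected not to match.

```python
import hashlib
import os
import tempfile

# Digests of Install.exe exactly as listed in the report above.
REPORT_HASHES = {
    "md5": "81b999918d94285ca5791aed3c8157fe",
    "sha1": "2578c47353c13cf28468518c79ee5a035beed760",
    "sha256": "5917eaf394a1ef0e1dc0cdb4a00260efbf51d1ea20d48ab68f7325cfe4b3ad04",
    "sha512": "e7b92ccfe60142ea4e2605397104e5f0628c78431ff56a69a4868645b05444ece53679db26a724856f8c4c65d39017c51a467a27714b95f5aceee211ac70734e",
}

# Expected hex-digest lengths; a mistyped or truncated IOC fails this before it is used.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_ALPHABET = set("0123456789abcdef")


def validate_iocs(hashes):
    """Return the names of any digests whose length or alphabet is wrong."""
    bad = []
    for name, value in hashes.items():
        expected = HEX_LENGTHS.get(name)
        if expected is None or len(value) != expected or not set(value.lower()) <= HEX_ALPHABET:
            bad.append(name)
    return bad


def digest_bytes(data):
    """Return all four digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LENGTHS}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file in one pass, feeding every chunk to all four algorithms."""
    hashers = {name: hashlib.new(name) for name in HEX_LENGTHS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests, report=REPORT_HASHES):
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(name for name, value in digests.items()
                  if report.get(name, "").lower() == value.lower())


def is_reported_sample(digests, report=REPORT_HASHES):
    """True only when every algorithm in the report agrees; a lone MD5 match is not enough."""
    return set(match_report(digests, report)) == set(report)


if __name__ == "__main__":
    assert not validate_iocs(REPORT_HASHES), "report hashes are malformed"
    # Constructed stand-in: a PE-looking header plus filler, not the real Install.exe.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as tmp:
        tmp.write(b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the sample")
        path = tmp.name
    try:
        digests = digest_file(path)
        print("matched algorithms:", match_report(digests) or "none")
        print("is reported sample:", is_reported_sample(digests))
    finally:
        os.unlink(path)
```

Run it against a suspect file by replacing the stand-in path with the file under investigation; any mix of matching and non-matching algorithms for the same file points at a copy error in the indicators rather than at the file.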

MITRE ATT&CK Matrix

  Tactic columns (no techniques are listed under any of them on this page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation