796d1baf2b3dbce9ffdbe322b0d09ce77779654a627666d2325a33497e9164c9 | Triage

Sharing

General

Target

796d1baf2b3dbce9ffdbe322b0d09ce77779654a627666d2325a33497e9164c9
Size

196KB
Sample

221002-qclzvshfcl
MD5

5d10fbb309d83144255df7f12b50a610
SHA1

053ed9b6344bdb1120abf87bcf437989211c3584
SHA256

796d1baf2b3dbce9ffdbe322b0d09ce77779654a627666d2325a33497e9164c9
SHA512

87e9e74277bcf9ed601f2bdf20e1e5188a9b6c71018c566908c725942b6555105f2d73ed2b244812dfad58f8844c80bb6daa8951a0e62cfdef5f5035b0c7cc00
SSDEEP

3072:D/J9Iw00AWSyzFhOAMHVJnU9xcuxmbQCm38pC1XOE7h:t9IF0ufUBxyIrhOK

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  796d1baf2b3dbce9ffdbe322b0d09ce77779654a627666d2325a33497e9164c9
- Size
  
  196KB
- MD5
  
  5d10fbb309d83144255df7f12b50a610
- SHA1
  
  053ed9b6344bdb1120abf87bcf437989211c3584
- SHA256
  
  796d1baf2b3dbce9ffdbe322b0d09ce77779654a627666d2325a33497e9164c9
- SHA512
  
  87e9e74277bcf9ed601f2bdf20e1e5188a9b6c71018c566908c725942b6555105f2d73ed2b244812dfad58f8844c80bb6daa8951a0e62cfdef5f5035b0c7cc00
- SSDEEP
  
  3072:D/J9Iw00AWSyzFhOAMHVJnU9xcuxmbQCm38pC1XOE7h:t9IF0ufUBxyIrhOK
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2