General

  • Target

    58ce17682e4d7dd7e3e3937f796543b1504aa58301561ce45962793ded2fb0da

  • Size

    86KB

  • Sample

    221002-s5ht1sedgq

  • MD5

    027d8cca3d1d316e7196071497500ec0

  • SHA1

    34951925b9ee92fa180e02bd2d5881c3c8e100d6

  • SHA256

    58ce17682e4d7dd7e3e3937f796543b1504aa58301561ce45962793ded2fb0da

  • SHA512

    5b54d3a0cbb479ee59e8c2962db051c518fae9740e07162559174efaed2c6cc129e5c00c50591abf242f8500f9e1c241abed40563283df02715ff31d26e7882e

Malware Config

Targets


    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Tactic columns

    Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation