General

  • Target

    6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

  • Size

    1.2MB

  • Sample

    221002-sfnzqsdccj

  • MD5

    448167188d4f47b825a5aa8c0ac12f3e

  • SHA1

    52706abe223080b9f905174ff3d1a1a35e3db081

  • SHA256

    6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

  • SHA512

    97b970972b29d62c40a06b0d2cf06424c20cb7eb1b2fa199c39ed6f3c9b582e84f89ba3083d49d278a4342611a373e129842b385ed3f9c9d91860bf97e0eeafc

  • SSDEEP

    24576:QmO82iSkvu+T2tlgdW2fsJVlRnTR8GPPd6ZOJ6mYuCCN+R5KU:5O8bSkm+TgsW285n9bP+LZH5KU

Malware Config

Targets

    • Target

      6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

    • Size

      1.2MB

    • MD5

      448167188d4f47b825a5aa8c0ac12f3e

    • SHA1

      52706abe223080b9f905174ff3d1a1a35e3db081

    • SHA256

      6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

    • SHA512

      97b970972b29d62c40a06b0d2cf06424c20cb7eb1b2fa199c39ed6f3c9b582e84f89ba3083d49d278a4342611a373e129842b385ed3f9c9d91860bf97e0eeafc

    • SSDEEP

      24576:QmO82iSkvu+T2tlgdW2fsJVlRnTR8GPPd6ZOJ6mYuCCN+R5KU:5O8bSkm+TgsW285n9bP+LZH5KU

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Tasks