General

  • Target

    6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

  • Size

    1MB

  • Sample

    221002-sfnzqsdccj

  • MD5

    448167188d4f47b825a5aa8c0ac12f3e

  • SHA1

    52706abe223080b9f905174ff3d1a1a35e3db081

  • SHA256

    6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

  • SHA512

    97b970972b29d62c40a06b0d2cf06424c20cb7eb1b2fa199c39ed6f3c9b582e84f89ba3083d49d278a4342611a373e129842b385ed3f9c9d91860bf97e0eeafc

Malware Config

Targets

    • Target

      6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

    • Size

      1MB

    • MD5

      448167188d4f47b825a5aa8c0ac12f3e

    • SHA1

      52706abe223080b9f905174ff3d1a1a35e3db081

    • SHA256

      6e736c4bb791b83787d1866e1f286f52ab1a8fbc8a20d5061755b4ed7d99a2d6

    • SHA512

      97b970972b29d62c40a06b0d2cf06424c20cb7eb1b2fa199c39ed6f3c9b582e84f89ba3083d49d278a4342611a373e129842b385ed3f9c9d91860bf97e0eeafc

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation