General

  • Target

    5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308

  • Size

    2.6MB

  • Sample

    221002-sxlwpseahm

  • MD5

    656436ec2c07053b199a19730a74283d

  • SHA1

    ff2b556a5fa2f0c1de17698a52fde3589607877b

  • SHA256

    5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308

  • SHA512

    07337ac7fcc5529a99b52c97facf554f61a9483ee40d8ca5375607858111b1abd1f10dab66cbf4829d3f9308925267429fb1285e9434d3f65658927151906c03

  • SSDEEP

    24576:IlVCxwY7fti7Hb3Z4e4VtHvtftQih8ESwSMP3/R6pjl:IlMw6tij+eGHhtQiqZjyRSJ

Malware Config

Targets

    • Target

      5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext
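Of the three signatures above, "Adds Run key to start application" is the one most directly turned into a hunt on endpoint telemetry. The following Python is an added example and is not code from the sandbox report or from this sample's trace: it flags value writes under Run/RunOnce keys in Sysmon-style registry events. The field names (EventID, Image, TargetObject, Details) follow Sysmon's Event ID 13 schema, but the flattened key=value line format and every event in SAMPLE_EVENTS are constructed for the example. Because legitimate installers also set Run values, each hit is additionally marked when the autostart target lives in a user-writable directory, which is the pattern a dropped payload usually shows.

```python
"""Flag Run-key persistence in Sysmon-style registry events.

Added example, not code from the sandbox report. The events below are
constructed to resemble Sysmon Event ID 13 (RegistryEvent: value set)
flattened into key=value fields; they are not telemetry from this sample.
"""
import re
from dataclasses import dataclass

# Autostart value locations covered by the signature
# "Adds Run key to start application" (ATT&CK v6 T1060).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce)(\\|$)",
    re.IGNORECASE,
)

# Directories a standard user can write to; a Run value pointing here is
# more suspicious than one pointing into Program Files or System32.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)

# key=value pairs separated by whitespace (assumed flattened format);
# values may contain spaces such as "Program Files" as long as they do
# not contain a " word=" sequence.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


@dataclass(frozen=True)
class RunKeyHit:
    image: str           # process that performed the write
    target_object: str   # full registry path of the value
    details: str         # value data, normally the command to autostart
    user_writable: bool  # value data points into a user-writable directory


def parse_event(line: str) -> dict:
    """Split one flattened event line into a field dictionary."""
    return dict(FIELD_RE.findall(line))


def find_run_key_persistence(lines):
    """Return a RunKeyHit for every value-set event under a Run/RunOnce key.

    Only Event ID 13 (value set) is considered: creating the Run key itself
    (Event ID 12) adds no autostart entry, so it is not flagged on its own.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        details = ev.get("Details", "")
        hits.append(RunKeyHit(
            image=ev.get("Image", ""),
            target_object=target,
            details=details,
            user_writable=bool(USER_WRITABLE_RE.search(details)),
        ))
    return hits


# Constructed sample events (not from this sample's sandbox trace).
SAMPLE_EVENTS = [
    # Run value pointing into AppData: the classic dropped-payload pattern
    r"EventID=13 EventType=SetValue Image=C:\Users\user\Desktop\sample.exe TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\user\AppData\Roaming\updater.exe",
    # Machine-wide Run value set by an installer into Program Files: a hit, but low suspicion
    r"EventID=13 EventType=SetValue Image=C:\Windows\Temp\setup.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent Details=C:\Program Files\Vendor\agent.exe",
    # RunOnce is an autostart location too
    r"EventID=13 EventType=SetValue Image=C:\Users\user\Desktop\sample.exe TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup Details=C:\Users\user\AppData\Local\Temp\c.exe",
    # Registry write outside any autostart key: ignored
    r"EventID=13 EventType=SetValue Image=C:\Users\user\Desktop\sample.exe TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Office\16.0\Common\LastUser Details=user",
    # Key creation (Event ID 12) without a value set: not flagged on its own
    r"EventID=12 EventType=CreateKey Image=C:\Users\user\Desktop\sample.exe TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run",
]


if __name__ == "__main__":
    for hit in find_run_key_persistence(SAMPLE_EVENTS):
        flag = "USER-WRITABLE" if hit.user_writable else "system path"
        print(f"{hit.image} -> {hit.target_object} = {hit.details} [{flag}]")
```

Run against the constructed events, the script reports three hits: the two written by sample.exe into AppData paths are marked user-writable, while the installer's Program Files entry is kept as a hit but not ranked up. The signature name in the report does not say whether the key was HKCU or HKLM, which matters for scope (per-user versus every logon on the host), so keep TargetObject in whatever alert this feeds.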

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                           Signatures  ID
  Persistence      Registry Run Keys / Startup Folder  1           T1060
  Defense Evasion  Modify Registry                     2           T1112
  Discovery        System Information Discovery        2           T1082
  Discovery        Query Registry                      1           T1012

  Technique IDs are from ATT&CK v6. In current ATT&CK, T1060 has been folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112, T1082 and T1012 keep their IDs.

Tasks