General

  • Target: 5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308
  • Size: 2MB
  • Sample: 221002-sxlwpseahm
  • MD5: 656436ec2c07053b199a19730a74283d
  • SHA1: ff2b556a5fa2f0c1de17698a52fde3589607877b
  • SHA256: 5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308
  • SHA512: 07337ac7fcc5529a99b52c97facf554f61a9483ee40d8ca5375607858111b1abd1f10dab66cbf4829d3f9308925267429fb1285e9434d3f65658927151906c03

Malware Config

Targets

    • Target: 5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308


    • Adds Run key to start application
    • Detected potential entity reuse from brand Microsoft
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation