Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308
Size

2MB
Sample

221002-sxlwpseahm
MD5

656436ec2c07053b199a19730a74283d
SHA1

ff2b556a5fa2f0c1de17698a52fde3589607877b
SHA256

5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308
SHA512

07337ac7fcc5529a99b52c97facf554f61a9483ee40d8ca5375607858111b1abd1f10dab66cbf4829d3f9308925267429fb1285e9434d3f65658927151906c03
SSDEEP

24576:IlVCxwY7fti7Hb3Z4e4VtHvtftQih8ESwSMP3/R6pjl:IlMw6tij+eGHhtQiqZjyRSJ

Score

6^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308
- Size
  
  2MB
- MD5
  
  656436ec2c07053b199a19730a74283d
- SHA1
  
  ff2b556a5fa2f0c1de17698a52fde3589607877b
- SHA256
  
  5f8e7c1b4fd87cfbff41369dc163e651a7d016c0f53d496867a76ccfee77b308
- SHA512
  
  07337ac7fcc5529a99b52c97facf554f61a9483ee40d8ca5375607858111b1abd1f10dab66cbf4829d3f9308925267429fb1285e9434d3f65658927151906c03
- SSDEEP
  
  24576:IlVCxwY7fti7Hb3Z4e4VtHvtftQih8ESwSMP3/R6pjl:IlMw6tij+eGHhtQiqZjyRSJ
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing