Overview

overview

6

Static

static

c2d0774667...a8.exe

windows7-x64

5

c2d0774667...a8.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

  • Size

    132KB

  • Sample

    221003-a26gssahbr

  • MD5

    660dcd87da91680f5fc14cc1053cde50

  • SHA1

    54df9fdfe272f9606e089c11b50b9c44f24387b2

  • SHA256

    c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

  • SHA512

    8d27c413c9334286ad174a32928b9aa89c4a2f803ed90d46247ee37414077898452b72c7755b09335986a6e0b49d9b9c8231ebb10e25234216e32d2ba6e42441

  • SSDEEP

    3072:DJeY0a2Oqwuwgl7h4tFDQEEJeryV8d4JYymzePNNmeABVjVIEYJnzl9+e7Xn:L/EUryad4JQePNNmeqwEYJnTbn

Score
6/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

    • Size

      132KB

    • MD5

      660dcd87da91680f5fc14cc1053cde50

    • SHA1

      54df9fdfe272f9606e089c11b50b9c44f24387b2

    • SHA256

      c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

    • SHA512

      8d27c413c9334286ad174a32928b9aa89c4a2f803ed90d46247ee37414077898452b72c7755b09335986a6e0b49d9b9c8231ebb10e25234216e32d2ba6e42441

    • SSDEEP

      3072:DJeY0a2Oqwuwgl7h4tFDQEEJeryV8d4JYymzePNNmeABVjVIEYJnzl9+e7Xn:L/EUryad4JQePNNmeqwEYJnTbn

    Score
    6/10
    microsoftpersistencephishing

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks