General

  • Target

    c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

  • Size

    132KB

  • Sample

    221003-a26gssahbr

  • MD5

    660dcd87da91680f5fc14cc1053cde50

  • SHA1

    54df9fdfe272f9606e089c11b50b9c44f24387b2

  • SHA256

    c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

  • SHA512

    8d27c413c9334286ad174a32928b9aa89c4a2f803ed90d46247ee37414077898452b72c7755b09335986a6e0b49d9b9c8231ebb10e25234216e32d2ba6e42441

Malware Config

Targets

    • Target

      c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

    • Size

      132KB

    • MD5

      660dcd87da91680f5fc14cc1053cde50

    • SHA1

      54df9fdfe272f9606e089c11b50b9c44f24387b2

    • SHA256

      c2d0774667bda56fd0245e703a2142f1e72edb44055838a4f898d3ebb35f4ba8

    • SHA512

      8d27c413c9334286ad174a32928b9aa89c4a2f803ed90d46247ee37414077898452b72c7755b09335986a6e0b49d9b9c8231ebb10e25234216e32d2ba6e42441

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation