db164258649dd46302a7a4271c5e71bb07e4fde0b722333a19eb6ebf754b64b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db164258649dd46302a7a4271c5e71bb07e4fde0b722333a19eb6ebf754b64b1
Size

112KB
Sample

221003-djqv6seghn
MD5

6033f9d6ecea87e26cc8f9d1d48b69b0
SHA1

0a449250747c479a6e660ac54088910c68f00727
SHA256

db164258649dd46302a7a4271c5e71bb07e4fde0b722333a19eb6ebf754b64b1
SHA512

84ac39fcf5c4042155d501535aaff15a9f4fa68c638fe20b1f894f70aee57d1f1803e13f32025f2ae482546e5b7bb7adc88b616202248f8486c515dc67ab21c0
SSDEEP

3072:4sE12Ell3J1uouicVJ1tSHYz7e47ew3D4:it/vDcL1oHn5w0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  db164258649dd46302a7a4271c5e71bb07e4fde0b722333a19eb6ebf754b64b1
- Size
  
  112KB
- MD5
  
  6033f9d6ecea87e26cc8f9d1d48b69b0
- SHA1
  
  0a449250747c479a6e660ac54088910c68f00727
- SHA256
  
  db164258649dd46302a7a4271c5e71bb07e4fde0b722333a19eb6ebf754b64b1
- SHA512
  
  84ac39fcf5c4042155d501535aaff15a9f4fa68c638fe20b1f894f70aee57d1f1803e13f32025f2ae482546e5b7bb7adc88b616202248f8486c515dc67ab21c0
- SSDEEP
  
  3072:4sE12Ell3J1uouicVJ1tSHYz7e47ew3D4:it/vDcL1oHn5w0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2