General

  • Target

    5ed3585295d1b336145f73b43ef15780526924ab34a8f0f70fcacb2a388ca111

  • Size

    969KB

  • Sample

    221003-h1qzqaecdq

  • MD5

    522bbd41342a23c2021a7f9f02dd3430

  • SHA1

    6ca2b8a2a5367fa714193a6042e32d6bfe018ede

  • SHA256

    5ed3585295d1b336145f73b43ef15780526924ab34a8f0f70fcacb2a388ca111

  • SHA512

    416989d8c3980ebfa19e83f0931e49e02d03d79be20829f3098beadb6f35ff847a9e8f86ab8683c00ae82c1a163580ef05225ccff6d6c2030e9fed3058f830ac

  • SSDEEP

    24576:VRmJkcoQricOIQxiZY1iaNros4Z1yZcLO9Q:6JZoQrbTFZY1iaBos4ZQIeQ

Malware Config

Targets

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tactic            Technique                             Count   ID
Persistence       Registry Run Keys / Startup Folder    1       T1060
Defense Evasion   Modify Registry                       2       T1112
Discovery         System Information Discovery          2       T1082
Discovery         Query Registry                        1       T1012

Tasks