Overview

overview

6

Static

static

8bf979e774...f8.exe

windows7-x64

5

8bf979e774...f8.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bf979e7741f483a14855733e214181ca08b5afb89b75f9ee61735c2aa37bdf8

  • Size

    296KB

  • Sample

    221003-ne3paadehk

  • MD5

    58c3ff9a583c50731a73d383e019b1b1

  • SHA1

    d6bcf432e36b9feea86d4ba332b06263822a6411

  • SHA256

    8bf979e7741f483a14855733e214181ca08b5afb89b75f9ee61735c2aa37bdf8

  • SHA512

    b829b297069f0497ab451febc57c63480f641b8913481bc3b989e67f53ae91ada75393e1c10e1ebe1de32dc5ab3ba0c70cd6c2283ccec928f578813c297f8737

  • SSDEEP

    3072:JheIcHrdOir142th73p8oigrQGe365DBvUB1zA0v1PmMn4SOUKavYrDGw3G+8a1v:9y193mtP2Dtgf+44SNBA3J1ibEIh5pG

Score
6/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      8bf979e7741f483a14855733e214181ca08b5afb89b75f9ee61735c2aa37bdf8

    • Size

      296KB

    • MD5

      58c3ff9a583c50731a73d383e019b1b1

    • SHA1

      d6bcf432e36b9feea86d4ba332b06263822a6411

    • SHA256

      8bf979e7741f483a14855733e214181ca08b5afb89b75f9ee61735c2aa37bdf8

    • SHA512

      b829b297069f0497ab451febc57c63480f641b8913481bc3b989e67f53ae91ada75393e1c10e1ebe1de32dc5ab3ba0c70cd6c2283ccec928f578813c297f8737

    • SSDEEP

      3072:JheIcHrdOir142th73p8oigrQGe365DBvUB1zA0v1PmMn4SOUKavYrDGw3G+8a1v:9y193mtP2Dtgf+44SNBA3J1ibEIh5pG

    Score
    6/10
    microsoftpersistencephishing

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks