a3af6a68a32a5734493ac2ada8968fce49aeae4b22c9bee505b9d9fcf732afa8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3af6a68a32a5734493ac2ada8968fce49aeae4b22c9bee505b9d9fcf732afa8
Size

1.0MB
Sample

221011-earlsadcfj
MD5

692a1d34cd7f7b145ef8d948c3cf42e6
SHA1

cdec60fd3babf50a42c73ce6f29b6708d60b6976
SHA256

a3af6a68a32a5734493ac2ada8968fce49aeae4b22c9bee505b9d9fcf732afa8
SHA512

1fbe57b0b6658069d63f857665780cb2acb2020617d5812386ec8e82d94cf067a5feefee6d089ebc1add98294b64818bfcb1e4ae7f29f2b4903cc36f36af6b5b
SSDEEP

24576:FVTnu29GSh7tuvhonSlaHvp4xAGwzJPYQmXgeohZsv:FVTnu3vhxqvvz5FmvoTsv

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a3af6a68a32a5734493ac2ada8968fce49aeae4b22c9bee505b9d9fcf732afa8
- Size
  
  1.0MB
- MD5
  
  692a1d34cd7f7b145ef8d948c3cf42e6
- SHA1
  
  cdec60fd3babf50a42c73ce6f29b6708d60b6976
- SHA256
  
  a3af6a68a32a5734493ac2ada8968fce49aeae4b22c9bee505b9d9fcf732afa8
- SHA512
  
  1fbe57b0b6658069d63f857665780cb2acb2020617d5812386ec8e82d94cf067a5feefee6d089ebc1add98294b64818bfcb1e4ae7f29f2b4903cc36f36af6b5b
- SSDEEP
  
  24576:FVTnu29GSh7tuvhonSlaHvp4xAGwzJPYQmXgeohZsv:FVTnu3vhxqvvz5FmvoTsv
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2