9c6a13e811d277c4e407f6f5921dddd2dfbeaf6cf0cb2bb0d8c8e22da368f479 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c6a13e811d277c4e407f6f5921dddd2dfbeaf6cf0cb2bb0d8c8e22da368f479
Size

137KB
Sample

221011-hyetnsbch7
MD5

64721339ce9d9101672cf9f83c9ebf46
SHA1

07bb239e104cc6ade91fb2ea6b28d8215b4d50c2
SHA256

9c6a13e811d277c4e407f6f5921dddd2dfbeaf6cf0cb2bb0d8c8e22da368f479
SHA512

9d503b9c61066c66688fc69ebe8ab200ecbc07a1e240fccdf646705b87c939ebd3ba8e80cf7cea89400742577a9e5ece271e07a93e5bfed758d3d5a34e276f31
SSDEEP

3072:tEsUqjkvgA+rROXqDvZ4e/hCL3CQ9vnkuOfpYoizXKv6tF/JQEgUlW:xpjqgAvsR4e5CL3C+vdOfppIXKSNrpU

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  9c6a13e811d277c4e407f6f5921dddd2dfbeaf6cf0cb2bb0d8c8e22da368f479
- Size
  
  137KB
- MD5
  
  64721339ce9d9101672cf9f83c9ebf46
- SHA1
  
  07bb239e104cc6ade91fb2ea6b28d8215b4d50c2
- SHA256
  
  9c6a13e811d277c4e407f6f5921dddd2dfbeaf6cf0cb2bb0d8c8e22da368f479
- SHA512
  
  9d503b9c61066c66688fc69ebe8ab200ecbc07a1e240fccdf646705b87c939ebd3ba8e80cf7cea89400742577a9e5ece271e07a93e5bfed758d3d5a34e276f31
- SSDEEP
  
  3072:tEsUqjkvgA+rROXqDvZ4e/hCL3CQ9vnkuOfpYoizXKv6tF/JQEgUlW:xpjqgAvsR4e5CL3C+vdOfppIXKSNrpU
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2