812bde6c32aeb16362516dff9a3f93163fc2469cfe362f03e0c0d166c1a54a9f | Triage

Sharing

General

Target

812bde6c32aeb16362516dff9a3f93163fc2469cfe362f03e0c0d166c1a54a9f
Size

154KB
Sample

221011-ld4h3sgbbq
MD5

4f9c292680910b6771a89cb1cb77e680
SHA1

97df76ecc8593f7c62b92cb781f9236a45eb7d00
SHA256

812bde6c32aeb16362516dff9a3f93163fc2469cfe362f03e0c0d166c1a54a9f
SHA512

05475ab90aca31917963d748510ee09e499ac1f28af69265c10c298d5e36e7459bbe1717fffcde0678e5c35d36886e586a9e46b3208d0f78897efe2607259adf
SSDEEP

3072:mtWZqwoa9Xa1Idart19Z1pPxctR1jfvk/Y271ahwVlxXYEtzcS:mtxIqqde1pPxctR1jfvk/Y271ahwVlx/

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  812bde6c32aeb16362516dff9a3f93163fc2469cfe362f03e0c0d166c1a54a9f
- Size
  
  154KB
- MD5
  
  4f9c292680910b6771a89cb1cb77e680
- SHA1
  
  97df76ecc8593f7c62b92cb781f9236a45eb7d00
- SHA256
  
  812bde6c32aeb16362516dff9a3f93163fc2469cfe362f03e0c0d166c1a54a9f
- SHA512
  
  05475ab90aca31917963d748510ee09e499ac1f28af69265c10c298d5e36e7459bbe1717fffcde0678e5c35d36886e586a9e46b3208d0f78897efe2607259adf
- SSDEEP
  
  3072:mtWZqwoa9Xa1Idart19Z1pPxctR1jfvk/Y271ahwVlxXYEtzcS:mtxIqqde1pPxctR1jfvk/Y271ahwVlx/
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2