af28218f896260f98df4e72290019cb6609022775a9cd453da326e3923608d63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af28218f896260f98df4e72290019cb6609022775a9cd453da326e3923608d63
Size

138KB
Sample

221011-s1wkbacbhm
MD5

65172a05f6cd0f7e3f0fed55bd13f5ff
SHA1

6e26e6f59b83f4ac67e13d5c975f841271b237bd
SHA256

af28218f896260f98df4e72290019cb6609022775a9cd453da326e3923608d63
SHA512

64bfd3b0bea2484fbb24129b6e922f24a148cdc607efdef6dad86186f9943bd040e58b1c7b1cf9889c94a64cdc587b958e32bb86e1fe0ee9311ad7e137626bcc
SSDEEP

3072:qzW1LZQEduEgsW2UPqxUEHqkC0i50/YXiQXT+t/8XIgfUTaXD3kz1QNm:qzW1L+QHhUPqxUEFQiQwkXhfUThQk

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  af28218f896260f98df4e72290019cb6609022775a9cd453da326e3923608d63
- Size
  
  138KB
- MD5
  
  65172a05f6cd0f7e3f0fed55bd13f5ff
- SHA1
  
  6e26e6f59b83f4ac67e13d5c975f841271b237bd
- SHA256
  
  af28218f896260f98df4e72290019cb6609022775a9cd453da326e3923608d63
- SHA512
  
  64bfd3b0bea2484fbb24129b6e922f24a148cdc607efdef6dad86186f9943bd040e58b1c7b1cf9889c94a64cdc587b958e32bb86e1fe0ee9311ad7e137626bcc
- SSDEEP
  
  3072:qzW1LZQEduEgsW2UPqxUEHqkC0i50/YXiQXT+t/8XIgfUTaXD3kz1QNm:qzW1L+QHhUPqxUEFQiQwkXhfUThQk
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2