2e16ab849a2de34e377a82d2f89edf6d89780635f3afe24cceb6adf9895abd68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e16ab849a2de34e377a82d2f89edf6d89780635f3afe24cceb6adf9895abd68
Size

108KB
Sample

221011-w7x89shea5
MD5

d916cedfa59016dbc28e88677aa76d22
SHA1

2ae34df91b18accc12d5d812095e9eb9586d4331
SHA256

2e16ab849a2de34e377a82d2f89edf6d89780635f3afe24cceb6adf9895abd68
SHA512

46b0c57d75dc340d5bbb5271a87f1f77003655c44c87daf7833605669e5a44b3b8ea45591130a04b1b23aee4857aceeaf21fac25c9c1333413488237d516fa95
SSDEEP

768:zn10+CDVYhPw7qMhGMIvc1Ujt6LCJg2LajfrS0CwtVkTGGu74zXTXaE9xU1Es0NU:Lj5u7SDXrjhsOoDP9HEY/OgFe5Ryv

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  2e16ab849a2de34e377a82d2f89edf6d89780635f3afe24cceb6adf9895abd68
- Size
  
  108KB
- MD5
  
  d916cedfa59016dbc28e88677aa76d22
- SHA1
  
  2ae34df91b18accc12d5d812095e9eb9586d4331
- SHA256
  
  2e16ab849a2de34e377a82d2f89edf6d89780635f3afe24cceb6adf9895abd68
- SHA512
  
  46b0c57d75dc340d5bbb5271a87f1f77003655c44c87daf7833605669e5a44b3b8ea45591130a04b1b23aee4857aceeaf21fac25c9c1333413488237d516fa95
- SSDEEP
  
  768:zn10+CDVYhPw7qMhGMIvc1Ujt6LCJg2LajfrS0CwtVkTGGu74zXTXaE9xU1Es0NU:Lj5u7SDXrjhsOoDP9HEY/OgFe5Ryv
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence