7ae22ee20d89916729b0bbeb070ef32a7224657c446cc0db4165b36b261d12ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ae22ee20d89916729b0bbeb070ef32a7224657c446cc0db4165b36b261d12ff
Size

2.5MB
Sample

221017-2gb61addh4
MD5

45cf615d933419ef9d00f8d97a1398b3
SHA1

192b29caf7441cf066218a851369bb7ce05098ca
SHA256

7ae22ee20d89916729b0bbeb070ef32a7224657c446cc0db4165b36b261d12ff
SHA512

28544eaed74b56a3863fad0b4f0e127efd8ce0ccabd362dfc50f3108425713a1ff8434ea71e8f4fdbcfca9acdca4982a83ebf3439e7760d0c477c9e93b68ae16
SSDEEP

24576:woTeEqAgbv+zwJEYLQjggOYNYNk6qM4BMYNT6wdwScagc9Irkz6U+1gLkAAl3RuW:DiXLvXJrUjgaBRvIYz6U+1godl3

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7ae22ee20d89916729b0bbeb070ef32a7224657c446cc0db4165b36b261d12ff
- Size
  
  2.5MB
- MD5
  
  45cf615d933419ef9d00f8d97a1398b3
- SHA1
  
  192b29caf7441cf066218a851369bb7ce05098ca
- SHA256
  
  7ae22ee20d89916729b0bbeb070ef32a7224657c446cc0db4165b36b261d12ff
- SHA512
  
  28544eaed74b56a3863fad0b4f0e127efd8ce0ccabd362dfc50f3108425713a1ff8434ea71e8f4fdbcfca9acdca4982a83ebf3439e7760d0c477c9e93b68ae16
- SSDEEP
  
  24576:woTeEqAgbv+zwJEYLQjggOYNYNk6qM4BMYNT6wdwScagc9Irkz6U+1gLkAAl3RuW:DiXLvXJrUjgaBRvIYz6U+1godl3
Score

8^/10

persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2