4c197a526a9115452227a499391e58619c88ee2b55f24577d2aa8c6d897e0edb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c197a526a9115452227a499391e58619c88ee2b55f24577d2aa8c6d897e0edb
Size

294KB
Sample

221029-2ngp3aacc7
MD5

84e5fa028654dc62fbdf678d2a417e20
SHA1

9ef47cb5bfb7c6f11fde2900bdf1e0a644e3aeb3
SHA256

4c197a526a9115452227a499391e58619c88ee2b55f24577d2aa8c6d897e0edb
SHA512

a6772b5808cddfe8387244fc5222d7f1041cba53cfd240221923ff3426d688bc210dc327f8d267eccd61b6fad6635d079e1d21556c88cc73cac811974ccb864f
SSDEEP

6144:r9A3QYFvyvywU6NLpKG+GsNYuuzjkn/Q8q9RRGiCk5WAI:RCQap69oGzsNYuuzKI8q7Rh8AI

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4c197a526a9115452227a499391e58619c88ee2b55f24577d2aa8c6d897e0edb
- Size
  
  294KB
- MD5
  
  84e5fa028654dc62fbdf678d2a417e20
- SHA1
  
  9ef47cb5bfb7c6f11fde2900bdf1e0a644e3aeb3
- SHA256
  
  4c197a526a9115452227a499391e58619c88ee2b55f24577d2aa8c6d897e0edb
- SHA512
  
  a6772b5808cddfe8387244fc5222d7f1041cba53cfd240221923ff3426d688bc210dc327f8d267eccd61b6fad6635d079e1d21556c88cc73cac811974ccb864f
- SSDEEP
  
  6144:r9A3QYFvyvywU6NLpKG+GsNYuuzjkn/Q8q9RRGiCk5WAI:RCQap69oGzsNYuuzKI8q7Rh8AI
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2