814e040dcbab569dc28c6ddba6844eeab9926b97c8dc9fa288b4a568557fdeaa | Triage

Sharing

General

Target

814e040dcbab569dc28c6ddba6844eeab9926b97c8dc9fa288b4a568557fdeaa
Size

124KB
Sample

221029-ca8h7agdhl
MD5

006154ef212096ad03b12685136c4c50
SHA1

1b0bcc26c9868c8679402cbc87b5d26d90e7ce32
SHA256

814e040dcbab569dc28c6ddba6844eeab9926b97c8dc9fa288b4a568557fdeaa
SHA512

5ee6529c7878b84940a87f3a021f9dc275ec1369d923842fbbd4137c4b69fd18e9644a8b875add22d6c6def5107b540ebc82f14d35458174b5c05a13798d41f4
SSDEEP

1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTW4:mtWZqwoa9Xa1Idart194

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  814e040dcbab569dc28c6ddba6844eeab9926b97c8dc9fa288b4a568557fdeaa
- Size
  
  124KB
- MD5
  
  006154ef212096ad03b12685136c4c50
- SHA1
  
  1b0bcc26c9868c8679402cbc87b5d26d90e7ce32
- SHA256
  
  814e040dcbab569dc28c6ddba6844eeab9926b97c8dc9fa288b4a568557fdeaa
- SHA512
  
  5ee6529c7878b84940a87f3a021f9dc275ec1369d923842fbbd4137c4b69fd18e9644a8b875add22d6c6def5107b540ebc82f14d35458174b5c05a13798d41f4
- SSDEEP
  
  1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTW4:mtWZqwoa9Xa1Idart194
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2