fb557bcc93562d5b68bde6c5577954b4df4597c4b078d99acbae396b60717f29 | Triage

Sharing

General

Target

fb557bcc93562d5b68bde6c5577954b4df4597c4b078d99acbae396b60717f29
Size

223KB
Sample

221030-ywjmvaghc8
MD5

82415e5164f2472b41c7c1c649e9205d
SHA1

b3e62f3dff0115a580e78602783a5b896e7f70c3
SHA256

fb557bcc93562d5b68bde6c5577954b4df4597c4b078d99acbae396b60717f29
SHA512

7499f2d615f851176c7c9244289bdb3314f3a3ef86980ca25571ddce67d89660c53d1c08435e16470117ebf620a689280c82c0341896f9110cdaca2de09f398e
SSDEEP

1536:ZIUKX8quuRWNp199xW96ZCVh8s4aBQFNpCeB+DI3GQkVLNSLUUkh1hC7u6WT5l9u:ZpqoNpGVh89Cg0RdXtK9r4U8zWtEW9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fb557bcc93562d5b68bde6c5577954b4df4597c4b078d99acbae396b60717f29
- Size
  
  223KB
- MD5
  
  82415e5164f2472b41c7c1c649e9205d
- SHA1
  
  b3e62f3dff0115a580e78602783a5b896e7f70c3
- SHA256
  
  fb557bcc93562d5b68bde6c5577954b4df4597c4b078d99acbae396b60717f29
- SHA512
  
  7499f2d615f851176c7c9244289bdb3314f3a3ef86980ca25571ddce67d89660c53d1c08435e16470117ebf620a689280c82c0341896f9110cdaca2de09f398e
- SSDEEP
  
  1536:ZIUKX8quuRWNp199xW96ZCVh8s4aBQFNpCeB+DI3GQkVLNSLUUkh1hC7u6WT5l9u:ZpqoNpGVh89Cg0RdXtK9r4U8zWtEW9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2