ef6491c53d7c8ef9fe2128d839084899379047a5a9d0d464a525c6c0ed70be97 | Triage

Sharing

General

Target

ef6491c53d7c8ef9fe2128d839084899379047a5a9d0d464a525c6c0ed70be97
Size

351KB
Sample

221106-hrc2hahaa9
MD5

0881b6b804dc273e3db47068fc2c50df
SHA1

4a720c0d101da6f5c9511a236b6ac55bbdb33655
SHA256

ef6491c53d7c8ef9fe2128d839084899379047a5a9d0d464a525c6c0ed70be97
SHA512

09956f7deed4ef84725f786a6e06853b381261af9820a0039a90f1e0ddc310c8bffcaab5c7ffe65271b99e00e425818364420e71f1c938044201d1abddf38693
SSDEEP

6144:5j6xvRw4yWlSIB+qSHuMK+Uu8J8RCf6GVAn69y/TNj6h3Jo/Yf:xC5SsfMK+UhJ3f60XkTN5w

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ef6491c53d7c8ef9fe2128d839084899379047a5a9d0d464a525c6c0ed70be97
- Size
  
  351KB
- MD5
  
  0881b6b804dc273e3db47068fc2c50df
- SHA1
  
  4a720c0d101da6f5c9511a236b6ac55bbdb33655
- SHA256
  
  ef6491c53d7c8ef9fe2128d839084899379047a5a9d0d464a525c6c0ed70be97
- SHA512
  
  09956f7deed4ef84725f786a6e06853b381261af9820a0039a90f1e0ddc310c8bffcaab5c7ffe65271b99e00e425818364420e71f1c938044201d1abddf38693
- SSDEEP
  
  6144:5j6xvRw4yWlSIB+qSHuMK+Uu8J8RCf6GVAn69y/TNj6h3Jo/Yf:xC5SsfMK+UhJ3f60XkTN5w
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2