df2fa289b5019bcf182599ff696040e1bc87c62887877ababfe63fb53f34c1cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df2fa289b5019bcf182599ff696040e1bc87c62887877ababfe63fb53f34c1cb
Size

40KB
Sample

221106-s3epkshed8
MD5

2050e2f3d63985320dda1f7bbeeaaf50
SHA1

381fc77f6e6329879850d7b3ad15fefc18c4087a
SHA256

df2fa289b5019bcf182599ff696040e1bc87c62887877ababfe63fb53f34c1cb
SHA512

5ecafa13d7fea8e90b500efa7a04571d6d1650aa938c809f9e1c7a5f7f3510a9c2570e62beff79c6da1fe82d58a880e71c74d9689a548c9ac8cdf08960b79a94
SSDEEP

768:7HKbQWplNtLFnC5W3kb8D3LdWjjFkGifBjiQ:mbQGlfLFnC5W3kb8bdiQ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  df2fa289b5019bcf182599ff696040e1bc87c62887877ababfe63fb53f34c1cb
- Size
  
  40KB
- MD5
  
  2050e2f3d63985320dda1f7bbeeaaf50
- SHA1
  
  381fc77f6e6329879850d7b3ad15fefc18c4087a
- SHA256
  
  df2fa289b5019bcf182599ff696040e1bc87c62887877ababfe63fb53f34c1cb
- SHA512
  
  5ecafa13d7fea8e90b500efa7a04571d6d1650aa938c809f9e1c7a5f7f3510a9c2570e62beff79c6da1fe82d58a880e71c74d9689a548c9ac8cdf08960b79a94
- SSDEEP
  
  768:7HKbQWplNtLFnC5W3kb8D3LdWjjFkGifBjiQ:mbQGlfLFnC5W3kb8bdiQ
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2