ab4d880bb698151777dbb02bec32450fcecf12c5dd9d2f56f05a1b7c4f6e47d8 | Triage

Sharing

General

Target

ab4d880bb698151777dbb02bec32450fcecf12c5dd9d2f56f05a1b7c4f6e47d8
Size

185KB
Sample

221107-bhkawsagg8
MD5

0f42113e3b660af93e5fef09615cb727
SHA1

be1f82b12dbc572f29516cef5859bc75024b52d5
SHA256

ab4d880bb698151777dbb02bec32450fcecf12c5dd9d2f56f05a1b7c4f6e47d8
SHA512

af12253e930ef35594a5c600ae1da977251c57b9c45e503ec6cf2c220a65e550e9a3b3e0c2f367b23b3a1f29471f01bf7418c97033758dd544cb5281f30f7578
SSDEEP

3072:mvRA50GP0vJ1uD8j6LqNPWWTBp1YsS+NSfXPc8/5/u0G:90RELqZWW9vhxsPfNu0

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  ab4d880bb698151777dbb02bec32450fcecf12c5dd9d2f56f05a1b7c4f6e47d8
- Size
  
  185KB
- MD5
  
  0f42113e3b660af93e5fef09615cb727
- SHA1
  
  be1f82b12dbc572f29516cef5859bc75024b52d5
- SHA256
  
  ab4d880bb698151777dbb02bec32450fcecf12c5dd9d2f56f05a1b7c4f6e47d8
- SHA512
  
  af12253e930ef35594a5c600ae1da977251c57b9c45e503ec6cf2c220a65e550e9a3b3e0c2f367b23b3a1f29471f01bf7418c97033758dd544cb5281f30f7578
- SSDEEP
  
  3072:mvRA50GP0vJ1uD8j6LqNPWWTBp1YsS+NSfXPc8/5/u0G:90RELqZWW9vhxsPfNu0
Score

8^/10

discovery persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2