02ed88393381058e2b4d5db1097325f8cbd70c34790d790707c50a9ccf5fe212 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02ed88393381058e2b4d5db1097325f8cbd70c34790d790707c50a9ccf5fe212
Size

323KB
Sample

221107-rtxy5aeabl
MD5

04efd243f5c63b7f070e6ecdb6fa6748
SHA1

23f2192d52fd2240c4f65021b9b7c00e19f12c95
SHA256

02ed88393381058e2b4d5db1097325f8cbd70c34790d790707c50a9ccf5fe212
SHA512

05961e9783be75836db9fa1c7639f3a7570ea6356411b4ec51eb4bbf931d377412be6617b105ef46160f33f61f01f20f9410608faca1294ac76fdd2c4c64c135
SSDEEP

6144:AmvSJd8rxG32Raz2dI57gD0quvYCnpAtzxLJ8Vf09va/3R3cTuRDFjN:AmvWarx+2RxmgYJvYCpALSV8YPR3cTsp

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  02ed88393381058e2b4d5db1097325f8cbd70c34790d790707c50a9ccf5fe212
- Size
  
  323KB
- MD5
  
  04efd243f5c63b7f070e6ecdb6fa6748
- SHA1
  
  23f2192d52fd2240c4f65021b9b7c00e19f12c95
- SHA256
  
  02ed88393381058e2b4d5db1097325f8cbd70c34790d790707c50a9ccf5fe212
- SHA512
  
  05961e9783be75836db9fa1c7639f3a7570ea6356411b4ec51eb4bbf931d377412be6617b105ef46160f33f61f01f20f9410608faca1294ac76fdd2c4c64c135
- SSDEEP
  
  6144:AmvSJd8rxG32Raz2dI57gD0quvYCnpAtzxLJ8Vf09va/3R3cTuRDFjN:AmvWarx+2RxmgYJvYCpALSV8YPR3cTsp
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2