ffeca24dd7deea7502f58e800bfc929013aec0a7fa6688213c7c0c5b92cb66b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffeca24dd7deea7502f58e800bfc929013aec0a7fa6688213c7c0c5b92cb66b1
Size

170KB
Sample

221107-tmgdxahddn
MD5

04671290097f7d007445a6de8999b841
SHA1

675ebec1dd3991e63e24decb2428d677a3527ec4
SHA256

ffeca24dd7deea7502f58e800bfc929013aec0a7fa6688213c7c0c5b92cb66b1
SHA512

85c9b2eff90fd3c96880e984dfdcd9511e844b860371ea1737836f5065e3db32ba81b778b4de0525566359daf52e5ab00dce3cd2539783a39a5d4345ad7977ed
SSDEEP

3072:mtWZqwoa9Xa1Idart19w1EUTSxYnK0etjLcztNvUxHkUoU8yCVFdsrVHAblo7goK:mtxIqqdJ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ffeca24dd7deea7502f58e800bfc929013aec0a7fa6688213c7c0c5b92cb66b1
- Size
  
  170KB
- MD5
  
  04671290097f7d007445a6de8999b841
- SHA1
  
  675ebec1dd3991e63e24decb2428d677a3527ec4
- SHA256
  
  ffeca24dd7deea7502f58e800bfc929013aec0a7fa6688213c7c0c5b92cb66b1
- SHA512
  
  85c9b2eff90fd3c96880e984dfdcd9511e844b860371ea1737836f5065e3db32ba81b778b4de0525566359daf52e5ab00dce3cd2539783a39a5d4345ad7977ed
- SSDEEP
  
  3072:mtWZqwoa9Xa1Idart19w1EUTSxYnK0etjLcztNvUxHkUoU8yCVFdsrVHAblo7goK:mtxIqqdJ
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2