5df8223aab28440c164d6076dd1edb912f39781f9fbd2b19a19687c84876322f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5df8223aab28440c164d6076dd1edb912f39781f9fbd2b19a19687c84876322f
Size

303KB
Sample

221107-zklthabahm
MD5

0a17e91be61502388452a0d2954c54e0
SHA1

60e159db5edfd8a8f4e49bbbd042b3974bd29b5b
SHA256

5df8223aab28440c164d6076dd1edb912f39781f9fbd2b19a19687c84876322f
SHA512

544fb505934dfae21ef4d3639f41badbf1c5a94769057568009d6cb6100beb060669fd5c8996dd787340cdd81cb8611b46de0645f401c22c3f9126b1253ad314
SSDEEP

3072:cSklMGNkegKwwgIaezk5jbWp6ptDxJHuNGCAX8X5zuuMl+fxhgSn9Y/z+Lb/oG:c1z9gKpaevU2FAXY9/gSW/0/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5df8223aab28440c164d6076dd1edb912f39781f9fbd2b19a19687c84876322f
- Size
  
  303KB
- MD5
  
  0a17e91be61502388452a0d2954c54e0
- SHA1
  
  60e159db5edfd8a8f4e49bbbd042b3974bd29b5b
- SHA256
  
  5df8223aab28440c164d6076dd1edb912f39781f9fbd2b19a19687c84876322f
- SHA512
  
  544fb505934dfae21ef4d3639f41badbf1c5a94769057568009d6cb6100beb060669fd5c8996dd787340cdd81cb8611b46de0645f401c22c3f9126b1253ad314
- SSDEEP
  
  3072:cSklMGNkegKwwgIaezk5jbWp6ptDxJHuNGCAX8X5zuuMl+fxhgSn9Y/z+Lb/oG:c1z9gKpaevU2FAXY9/gSW/0/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2