25170398a9327ac7b9e7b8d22d48e917f2f27a10e59f670f4119bbdecd8f803b | Triage

Sharing

General

Target

25170398a9327ac7b9e7b8d22d48e917f2f27a10e59f670f4119bbdecd8f803b
Size

309KB
Sample

221121-jn4wgsdg9y
MD5

409a9740bf75294d8373093a4ecd4290
SHA1

4f142a54d6143f46668c9f6199f5067bfba413f1
SHA256

25170398a9327ac7b9e7b8d22d48e917f2f27a10e59f670f4119bbdecd8f803b
SHA512

165df2872358c3b6a5a8a64bc6665e651a657e20a023e63ec90ca034318a66d53d1ca41d6cc226235915083292a06f293135f277a493f2cc1d2e256464ba4377
SSDEEP

3072:aYYLxhy8+xTB1l3trI+Eh7gkzzKTr6kvqRte0jPsQuZ2C6s1O:anFhmxTB7drI/7gkzKTr6gQuZa2

Score

6^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  25170398a9327ac7b9e7b8d22d48e917f2f27a10e59f670f4119bbdecd8f803b
- Size
  
  309KB
- MD5
  
  409a9740bf75294d8373093a4ecd4290
- SHA1
  
  4f142a54d6143f46668c9f6199f5067bfba413f1
- SHA256
  
  25170398a9327ac7b9e7b8d22d48e917f2f27a10e59f670f4119bbdecd8f803b
- SHA512
  
  165df2872358c3b6a5a8a64bc6665e651a657e20a023e63ec90ca034318a66d53d1ca41d6cc226235915083292a06f293135f277a493f2cc1d2e256464ba4377
- SSDEEP
  
  3072:aYYLxhy8+xTB1l3trI+Eh7gkzzKTr6kvqRte0jPsQuZ2C6s1O:anFhmxTB7drI/7gkzKTr6gQuZa2
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing