2afb56f9883333a92484679a1f60fedfce0d0c0fe1b59c39fe6f83c20e634713 | Triage

Sharing

General

Target

2afb56f9883333a92484679a1f60fedfce0d0c0fe1b59c39fe6f83c20e634713
Size

82KB
Sample

221123-l3cfwsch69
MD5

f60b195ddc9eedff98c6d9d845843798
SHA1

923c439ea631ade434f3087aae4d41b8909cbbca
SHA256

2afb56f9883333a92484679a1f60fedfce0d0c0fe1b59c39fe6f83c20e634713
SHA512

995e6130c26c8496e45c038ac4d397b1ef5cdebdfc9d1570afe2f9e2bfad78705da6dde429fb177583eca434b729d7676c2503f81f83e3a246afed675e0901f6
SSDEEP

1536:r2SC7dt/biTq1imHnebmEEDrh3eA6wgtWM35pEPeYVq:CSCnzo4dDr9eRwgtX35amY4

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  2afb56f9883333a92484679a1f60fedfce0d0c0fe1b59c39fe6f83c20e634713
- Size
  
  82KB
- MD5
  
  f60b195ddc9eedff98c6d9d845843798
- SHA1
  
  923c439ea631ade434f3087aae4d41b8909cbbca
- SHA256
  
  2afb56f9883333a92484679a1f60fedfce0d0c0fe1b59c39fe6f83c20e634713
- SHA512
  
  995e6130c26c8496e45c038ac4d397b1ef5cdebdfc9d1570afe2f9e2bfad78705da6dde429fb177583eca434b729d7676c2503f81f83e3a246afed675e0901f6
- SSDEEP
  
  1536:r2SC7dt/biTq1imHnebmEEDrh3eA6wgtWM35pEPeYVq:CSCnzo4dDr9eRwgtX35amY4
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence