Overview

overview

8

Static

static

4a0d16c278...d8.exe

windows7-x64

8

4a0d16c278...d8.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a0d16c278af3e1dae3f83145a4e18435988210187b615b04fa79cd115a5dbd8

  • Size

    373KB

  • Sample

    221123-m9fbssgb68

  • MD5

    807344844ea9ef4c5c5eebf60775f884

  • SHA1

    feb2b4c90077973c337dfa6fd5a96076c8b7b84f

  • SHA256

    4a0d16c278af3e1dae3f83145a4e18435988210187b615b04fa79cd115a5dbd8

  • SHA512

    0c8af5fbac00c2b85b533fcd645392d4c36893caa8b29f1efbf4d86955394b6cea51f0a8a6f545f3927ff788271346f2f889978d5977f63e5ca337e3b58eb0da

  • SSDEEP

    6144:eAXnF5hWN3cPkLCWp+kxLaazQ/rJ6aQ/URjERT2ElYRktprr5h:eA15hy3cPkLXp+k5bzQ/V6a/54eurb

Score
8/10
persistence

Malware Config

Targets

    • Target

      4a0d16c278af3e1dae3f83145a4e18435988210187b615b04fa79cd115a5dbd8

    • Size

      373KB

    • MD5

      807344844ea9ef4c5c5eebf60775f884

    • SHA1

      feb2b4c90077973c337dfa6fd5a96076c8b7b84f

    • SHA256

      4a0d16c278af3e1dae3f83145a4e18435988210187b615b04fa79cd115a5dbd8

    • SHA512

      0c8af5fbac00c2b85b533fcd645392d4c36893caa8b29f1efbf4d86955394b6cea51f0a8a6f545f3927ff788271346f2f889978d5977f63e5ca337e3b58eb0da

    • SSDEEP

      6144:eAXnF5hWN3cPkLCWp+kxLaazQ/rJ6aQ/URjERT2ElYRktprr5h:eA15hy3cPkLXp+k5bzQ/V6a/54eurb

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks