de4b0176e4101e96c63a1f54f98de7e88ae459c902125fcd907f9d4d2e3bccfd | Triage

Sharing

General

Target

de4b0176e4101e96c63a1f54f98de7e88ae459c902125fcd907f9d4d2e3bccfd
Size

142KB
Sample

221123-p5p2jsgb3z
MD5

eff93b725a34e848caadeacd7e312413
SHA1

aa2fb91233402e084518c7e69729a034966b8a90
SHA256

de4b0176e4101e96c63a1f54f98de7e88ae459c902125fcd907f9d4d2e3bccfd
SHA512

569b368b56fb3dac3efc391f612e4b034a138727a1d9b1c5eff4a3b8fdbc9362ae9a6f6d171bdf7168f75fc39519a9e98abf9c302c17cb3ade709dbaed01265d
SSDEEP

3072:Rjht362DdzRjOxRymbfcIsdSOJfqbbf3J0m34xCvRZ90VnhGSkdQM6oG7FAVZjqQ:xht362D5RjOxRymbfcIsd3JfUvJ0gVZO

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  de4b0176e4101e96c63a1f54f98de7e88ae459c902125fcd907f9d4d2e3bccfd
- Size
  
  142KB
- MD5
  
  eff93b725a34e848caadeacd7e312413
- SHA1
  
  aa2fb91233402e084518c7e69729a034966b8a90
- SHA256
  
  de4b0176e4101e96c63a1f54f98de7e88ae459c902125fcd907f9d4d2e3bccfd
- SHA512
  
  569b368b56fb3dac3efc391f612e4b034a138727a1d9b1c5eff4a3b8fdbc9362ae9a6f6d171bdf7168f75fc39519a9e98abf9c302c17cb3ade709dbaed01265d
- SSDEEP
  
  3072:Rjht362DdzRjOxRymbfcIsdSOJfqbbf3J0m34xCvRZ90VnhGSkdQM6oG7FAVZjqQ:xht362D5RjOxRymbfcIsd3JfUvJ0gVZO
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2