f191a1d7276a5a9ff90b222e63adb19d4081b601e6a575885a9afcb246b90628 | Triage

Sharing

General

Target

f191a1d7276a5a9ff90b222e63adb19d4081b601e6a575885a9afcb246b90628
Size

292KB
Sample

221123-pystvsff5w
MD5

ebda4501e8b0ecc3b981de7fa572fb64
SHA1

7618a02766d016f17cc2c70bcfa71b426a35bcf3
SHA256

f191a1d7276a5a9ff90b222e63adb19d4081b601e6a575885a9afcb246b90628
SHA512

74af806de611c01fb7a8d689f1a89adc1ce899ea25c359d024db60398ab9db2cff3818434c352a9e695f390eef805e23ca70f8b20a3561f8cec2cc6d26d425cc
SSDEEP

6144:UhHnkDP4+FTp0uduFXl+lArT8vQbOPfGu:UhHWpBColBQbOPfGu

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f191a1d7276a5a9ff90b222e63adb19d4081b601e6a575885a9afcb246b90628
- Size
  
  292KB
- MD5
  
  ebda4501e8b0ecc3b981de7fa572fb64
- SHA1
  
  7618a02766d016f17cc2c70bcfa71b426a35bcf3
- SHA256
  
  f191a1d7276a5a9ff90b222e63adb19d4081b601e6a575885a9afcb246b90628
- SHA512
  
  74af806de611c01fb7a8d689f1a89adc1ce899ea25c359d024db60398ab9db2cff3818434c352a9e695f390eef805e23ca70f8b20a3561f8cec2cc6d26d425cc
- SSDEEP
  
  6144:UhHnkDP4+FTp0uduFXl+lArT8vQbOPfGu:UhHWpBColBQbOPfGu
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2