89de06c3a0578431f63f029e9e5014079de4375bd8d376bba6096e46ce2f864c | Triage

Sharing

General

Target

89de06c3a0578431f63f029e9e5014079de4375bd8d376bba6096e46ce2f864c
Size

114KB
Sample

221123-q14vksad8x
MD5

66613e3e8afffb44443b375ad4ae891f
SHA1

e39d98c8c00b55a70dcbe424cb5483205bd75eb6
SHA256

89de06c3a0578431f63f029e9e5014079de4375bd8d376bba6096e46ce2f864c
SHA512

aa016e04f7c9534ed8f129d6a0f587772920a811376a3b6d253e505937c97a2953cef107fc2ffef64390ab8cb1ba78db11dda5931f94fe8c1fd392d5d1c846e4
SSDEEP

1536:cYI8bA8r/ODvarHHo42j8QT0J6gH5mpbejPCkORDTDHL066WNqbXNZ3DFG6:cD8UM/ODGHo8tMpCjqDTX066WNqT3Dj

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  89de06c3a0578431f63f029e9e5014079de4375bd8d376bba6096e46ce2f864c
- Size
  
  114KB
- MD5
  
  66613e3e8afffb44443b375ad4ae891f
- SHA1
  
  e39d98c8c00b55a70dcbe424cb5483205bd75eb6
- SHA256
  
  89de06c3a0578431f63f029e9e5014079de4375bd8d376bba6096e46ce2f864c
- SHA512
  
  aa016e04f7c9534ed8f129d6a0f587772920a811376a3b6d253e505937c97a2953cef107fc2ffef64390ab8cb1ba78db11dda5931f94fe8c1fd392d5d1c846e4
- SSDEEP
  
  1536:cYI8bA8r/ODvarHHo42j8QT0J6gH5mpbejPCkORDTDHL066WNqbXNZ3DFG6:cD8UM/ODGHo8tMpCjqDTX066WNqT3Dj
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2