82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3 | Triage

Sharing

General

Target

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3
Size

172KB
Sample

221123-q44c8aaf8t
MD5

5ccecef24e3f696769cd2a93eedbf3d1
SHA1

9178aedf82ac47a2f85436a9075e3bfd97596a92
SHA256

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3
SHA512

ac4136ce8b64645034f39533b5a0c8f7f3772c73c3294828d2d1c22a68ad548ff87a1aed52ab6222b34b1c4bfc85e570967c528c8f68bbed16237425f200ad64
SSDEEP

3072:iOvYX/j8uGJRsBk7DccKs+gtTLjn7TwndWERRJqqEV4wYoUzI7NE:/RuGkBkEcKs5/T9qLzK+lza

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3
- Size
  
  172KB
- MD5
  
  5ccecef24e3f696769cd2a93eedbf3d1
- SHA1
  
  9178aedf82ac47a2f85436a9075e3bfd97596a92
- SHA256
  
  82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3
- SHA512
  
  ac4136ce8b64645034f39533b5a0c8f7f3772c73c3294828d2d1c22a68ad548ff87a1aed52ab6222b34b1c4bfc85e570967c528c8f68bbed16237425f200ad64
- SSDEEP
  
  3072:iOvYX/j8uGJRsBk7DccKs+gtTLjn7TwndWERRJqqEV4wYoUzI7NE:/RuGkBkEcKs5/T9qLzK+lza
Score

8^/10

discovery persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2