8440d728df369728e890307c490fe4feabfe4e11d6961598db036b13b5f38c47 | Triage

Sharing

General

Target

8440d728df369728e890307c490fe4feabfe4e11d6961598db036b13b5f38c47
Size

134KB
Sample

221123-q4gjfsff28
MD5

eeaf2bb4f5d50d890fb3f09513e461d4
SHA1

2cd23021972e59c9b9ff44c5495983aa2f5b00fc
SHA256

8440d728df369728e890307c490fe4feabfe4e11d6961598db036b13b5f38c47
SHA512

fec4c68a21d6e525a2a0c7b4251e05411991ff7f5b700c86f7e6dffceb654f51e501eb4f5f52ff77b95d4d8d9c5fa4688744e6924a84f86b5576eecdc72e500b
SSDEEP

3072:XOpLeDl8+nQIw1x3Pbkfqbbf3J6mY6RxSebUXrMWJMb:RDl8+xwX3PbwUvJ6mY6xbq2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8440d728df369728e890307c490fe4feabfe4e11d6961598db036b13b5f38c47
- Size
  
  134KB
- MD5
  
  eeaf2bb4f5d50d890fb3f09513e461d4
- SHA1
  
  2cd23021972e59c9b9ff44c5495983aa2f5b00fc
- SHA256
  
  8440d728df369728e890307c490fe4feabfe4e11d6961598db036b13b5f38c47
- SHA512
  
  fec4c68a21d6e525a2a0c7b4251e05411991ff7f5b700c86f7e6dffceb654f51e501eb4f5f52ff77b95d4d8d9c5fa4688744e6924a84f86b5576eecdc72e500b
- SSDEEP
  
  3072:XOpLeDl8+nQIw1x3Pbkfqbbf3J6mY6RxSebUXrMWJMb:RDl8+xwX3PbwUvJ6mY6xbq2
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2