Overview

overview

8

Static

static

98200cc0ff...93.exe

windows7-x64

8

98200cc0ff...93.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    98200cc0ff273cfec73adf55562836adec4c86e85ec4f31dea7d233d54df4393

  • Size

    300KB

  • Sample

    221123-qv56fsfa23

  • MD5

    1e65378ed7d208e3f7d3700f32b73cf1

  • SHA1

    eb49144024cd00e2d2aac7c8adf13d89cc2a5535

  • SHA256

    98200cc0ff273cfec73adf55562836adec4c86e85ec4f31dea7d233d54df4393

  • SHA512

    26df5f42a9d60f3040992560d0c3e133c62bad8bf4cdc5b1cf35f899f7dd70d9a48140988e654df779dfe3f326ec76d074e044a0c13f811e7873b804c2830d58

  • SSDEEP

    6144:07DJbyFLycSQRcOCUVJDQfwjpCU2NVG4hBMkVkIs31E:07DJbopSyhNQWs/BwOkIH

Score
8/10
persistence

Malware Config

Targets

    • Target

      98200cc0ff273cfec73adf55562836adec4c86e85ec4f31dea7d233d54df4393

    • Size

      300KB

    • MD5

      1e65378ed7d208e3f7d3700f32b73cf1

    • SHA1

      eb49144024cd00e2d2aac7c8adf13d89cc2a5535

    • SHA256

      98200cc0ff273cfec73adf55562836adec4c86e85ec4f31dea7d233d54df4393

    • SHA512

      26df5f42a9d60f3040992560d0c3e133c62bad8bf4cdc5b1cf35f899f7dd70d9a48140988e654df779dfe3f326ec76d074e044a0c13f811e7873b804c2830d58

    • SSDEEP

      6144:07DJbyFLycSQRcOCUVJDQfwjpCU2NVG4hBMkVkIs31E:07DJbopSyhNQWs/BwOkIH

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks