98cb31d9c3531c2d7dcd402baa61da19f3429a3c21ffd946aa25a5d1658c496f | Triage

Sharing

General

Target

98cb31d9c3531c2d7dcd402baa61da19f3429a3c21ffd946aa25a5d1658c496f
Size

237KB
Sample

221123-qvy25shh9w
MD5

fec90cb797861235e4e2f3e3f4848b68
SHA1

de561f4f830fe1d0c09e1db882f78547079201ff
SHA256

98cb31d9c3531c2d7dcd402baa61da19f3429a3c21ffd946aa25a5d1658c496f
SHA512

1d7c7d91e614a48dd8578d97a1f5b5c4bffe46593531081b9df120ac3dab1064334a3f713ee239b66d88c0bc26286c777293316655f8e8b20f9300890bc398a9
SSDEEP

3072:3LpxTJJWCXx7vCg0rKvtew+W2csDla6quB/y02lb4+KFfYUStKmLTaOetpKutbKB:3t9RdvCglBr4+GYUSFTwHKutbEC0U96

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  98cb31d9c3531c2d7dcd402baa61da19f3429a3c21ffd946aa25a5d1658c496f
- Size
  
  237KB
- MD5
  
  fec90cb797861235e4e2f3e3f4848b68
- SHA1
  
  de561f4f830fe1d0c09e1db882f78547079201ff
- SHA256
  
  98cb31d9c3531c2d7dcd402baa61da19f3429a3c21ffd946aa25a5d1658c496f
- SHA512
  
  1d7c7d91e614a48dd8578d97a1f5b5c4bffe46593531081b9df120ac3dab1064334a3f713ee239b66d88c0bc26286c777293316655f8e8b20f9300890bc398a9
- SSDEEP
  
  3072:3LpxTJJWCXx7vCg0rKvtew+W2csDla6quB/y02lb4+KFfYUStKmLTaOetpKutbKB:3t9RdvCglBr4+GYUSFTwHKutbEC0U96
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2