2f9ca514375d3d060d375c500a948bf4d80e2d83b08c82cc4a33f532b77b67fe | Triage

Sharing

General

Target

2f9ca514375d3d060d375c500a948bf4d80e2d83b08c82cc4a33f532b77b67fe
Size

270KB
Sample

221123-r14egsaa86
MD5

b956bce75c05e483f6b6e5a87a78da60
SHA1

cfa722912249d42d8f713918ea85f02c1f9e22d1
SHA256

2f9ca514375d3d060d375c500a948bf4d80e2d83b08c82cc4a33f532b77b67fe
SHA512

6f73a55cce3f91726342b05d5170a29dfa5407c7f8360339ae65a7bcad4226e65a41030650b659f59b843d01a902a163379d1650bd9b98abda107254c11439fb
SSDEEP

3072:F90nbyJIZIascP+NjVyBjA+ACL/eUNZItRoHHjAD0M1BQBKOnFpJCGGGGG9M2hd:keCfs4+VCA+FL2UNZlH6loK7GGGGGG2D

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2f9ca514375d3d060d375c500a948bf4d80e2d83b08c82cc4a33f532b77b67fe
- Size
  
  270KB
- MD5
  
  b956bce75c05e483f6b6e5a87a78da60
- SHA1
  
  cfa722912249d42d8f713918ea85f02c1f9e22d1
- SHA256
  
  2f9ca514375d3d060d375c500a948bf4d80e2d83b08c82cc4a33f532b77b67fe
- SHA512
  
  6f73a55cce3f91726342b05d5170a29dfa5407c7f8360339ae65a7bcad4226e65a41030650b659f59b843d01a902a163379d1650bd9b98abda107254c11439fb
- SSDEEP
  
  3072:F90nbyJIZIascP+NjVyBjA+ACL/eUNZItRoHHjAD0M1BQBKOnFpJCGGGGG9M2hd:keCfs4+VCA+FL2UNZlH6loK7GGGGGG2D
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2