Overview

overview

8

Static

static

2363caa692...3c.exe

windows7-x64

8

2363caa692...3c.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2363caa6929908500a459aa41cd27c9f8f63bd1a0e13d081af7d25bdfc7ba33c

  • Size

    191KB

  • Sample

    221123-r5wv7sdd71

  • MD5

    7fb6b13d8caee1d6bd7fead75c30f5ab

  • SHA1

    885db78bad71287dd62b091d34e4d7bd67490afa

  • SHA256

    2363caa6929908500a459aa41cd27c9f8f63bd1a0e13d081af7d25bdfc7ba33c

  • SHA512

    6285b4dfbc0760b7dcbcaf4bc4823b849f3e5a9389dc469aacdb5f14f30990775926e48529fd62043a1e38908f47b5b91fa63db410d86581907978bc1d4ff9c2

  • SSDEEP

    3072:41iaU+3rjl6VUvvgL/lALKDL+3+kZ0w94ifW3ontQ0ZTcdwOTo7:dwjwOvgrSLKH+3H0wc3otd22D

Score
8/10
persistence

Malware Config

Targets

    • Target

      2363caa6929908500a459aa41cd27c9f8f63bd1a0e13d081af7d25bdfc7ba33c

    • Size

      191KB

    • MD5

      7fb6b13d8caee1d6bd7fead75c30f5ab

    • SHA1

      885db78bad71287dd62b091d34e4d7bd67490afa

    • SHA256

      2363caa6929908500a459aa41cd27c9f8f63bd1a0e13d081af7d25bdfc7ba33c

    • SHA512

      6285b4dfbc0760b7dcbcaf4bc4823b849f3e5a9389dc469aacdb5f14f30990775926e48529fd62043a1e38908f47b5b91fa63db410d86581907978bc1d4ff9c2

    • SSDEEP

      3072:41iaU+3rjl6VUvvgL/lALKDL+3+kZ0w94ifW3ontQ0ZTcdwOTo7:dwjwOvgrSLKH+3H0wc3otd22D

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks