5eeeff350333bae8cc0e8a0fb2117e366e65f513e2b21144a52f70e98474f04a | Triage

Sharing

General

Target

5eeeff350333bae8cc0e8a0fb2117e366e65f513e2b21144a52f70e98474f04a
Size

327KB
Sample

221123-rhmzsagf63
MD5

af5802e08b93be5ba00e7f52e7012807
SHA1

b493160c357482e4dbec84e750e1d21d9fdafc15
SHA256

5eeeff350333bae8cc0e8a0fb2117e366e65f513e2b21144a52f70e98474f04a
SHA512

ceb82c4cb2e24911ae0e5ee3696761b1b7f5e40291da1c33f6beb6e412bbf17ebd80cfff048867fe2a08e1debbb637c2a5501d53a6aef1cd8401801ee82d8b4e
SSDEEP

6144:FJCvfb//eyEFyOStCMWQUt67Q4yP0hTTyN/+CrU+O+LqO:FJKb//evFyOStoy7yP0VbCA+qO

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5eeeff350333bae8cc0e8a0fb2117e366e65f513e2b21144a52f70e98474f04a
- Size
  
  327KB
- MD5
  
  af5802e08b93be5ba00e7f52e7012807
- SHA1
  
  b493160c357482e4dbec84e750e1d21d9fdafc15
- SHA256
  
  5eeeff350333bae8cc0e8a0fb2117e366e65f513e2b21144a52f70e98474f04a
- SHA512
  
  ceb82c4cb2e24911ae0e5ee3696761b1b7f5e40291da1c33f6beb6e412bbf17ebd80cfff048867fe2a08e1debbb637c2a5501d53a6aef1cd8401801ee82d8b4e
- SSDEEP
  
  6144:FJCvfb//eyEFyOStCMWQUt67Q4yP0hTTyN/+CrU+O+LqO:FJKb//evFyOStoy7yP0VbCA+qO
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2