Overview

overview

8

Static

static

54914cb960...0b.exe

windows7-x64

8

54914cb960...0b.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54914cb960660fe3fd85c8f6512f192df80a322109237f57367709a211f0750b

  • Size

    500KB

  • Sample

    221123-rma6sagh93

  • MD5

    ae54b8f1a720989a3aef9b23ec06ecac

  • SHA1

    bdd4ca1b84f8154453d90912c1eaa002763c156f

  • SHA256

    54914cb960660fe3fd85c8f6512f192df80a322109237f57367709a211f0750b

  • SHA512

    eef30a72e151be7bedc39b75d2bd0a7bda7837818371f6ec056d34c205836a6440d8a3dc51d749134f138b1158e9c90e1411549e4b66f6b2c584d138b1251012

  • SSDEEP

    6144:dL3JBr2nuuudy/TuuuZqcoxBIU9CdGKuuuee+pJ5TvzeA0GM1/s2CXl2:dbnrZyCRcB5CdGqxy68/s2S2

Score
8/10
persistence

Malware Config

Targets

    • Target

      54914cb960660fe3fd85c8f6512f192df80a322109237f57367709a211f0750b

    • Size

      500KB

    • MD5

      ae54b8f1a720989a3aef9b23ec06ecac

    • SHA1

      bdd4ca1b84f8154453d90912c1eaa002763c156f

    • SHA256

      54914cb960660fe3fd85c8f6512f192df80a322109237f57367709a211f0750b

    • SHA512

      eef30a72e151be7bedc39b75d2bd0a7bda7837818371f6ec056d34c205836a6440d8a3dc51d749134f138b1158e9c90e1411549e4b66f6b2c584d138b1251012

    • SSDEEP

      6144:dL3JBr2nuuudy/TuuuZqcoxBIU9CdGKuuuee+pJ5TvzeA0GM1/s2CXl2:dbnrZyCRcB5CdGqxy68/s2S2

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks