Overview

overview

8

Static

static

472b678218...5c.exe

windows7-x64

8

472b678218...5c.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    472b678218aeffc5d5b352550612d1da44a4734d83d1e14646440560e251fb5c

  • Size

    428KB

  • Sample

    221123-rr72bacd4t

  • MD5

    ad7313b71afd12bb2bdf006931fe0fd9

  • SHA1

    df85d9fc222b241eb26cad8281666f2ccf901ba3

  • SHA256

    472b678218aeffc5d5b352550612d1da44a4734d83d1e14646440560e251fb5c

  • SHA512

    4505d1ba04c5d9f3d5da9dbf428bfa581272bc5c3bafda3a74b214e00a50332c42bbb790194f3363265ce0443a367a8326a1706846d169de40888365e627c6d5

  • SSDEEP

    12288:vGYuufqCYpkYcnyxSPB/wTcOP6M2hElG7b7Xxk832mJOq:+UfqCOkpyxSPBoTcEh832mJ

Score
8/10
persistence

Malware Config

Targets

    • Target

      472b678218aeffc5d5b352550612d1da44a4734d83d1e14646440560e251fb5c

    • Size

      428KB

    • MD5

      ad7313b71afd12bb2bdf006931fe0fd9

    • SHA1

      df85d9fc222b241eb26cad8281666f2ccf901ba3

    • SHA256

      472b678218aeffc5d5b352550612d1da44a4734d83d1e14646440560e251fb5c

    • SHA512

      4505d1ba04c5d9f3d5da9dbf428bfa581272bc5c3bafda3a74b214e00a50332c42bbb790194f3363265ce0443a367a8326a1706846d169de40888365e627c6d5

    • SSDEEP

      12288:vGYuufqCYpkYcnyxSPB/wTcOP6M2hElG7b7Xxk832mJOq:+UfqCOkpyxSPBoTcEh832mJ

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks