4c20eae868cdbc9b87492830b017e966006cd73ced9bd2470c3671505245d0be | Triage

Sharing

General

Target

4c20eae868cdbc9b87492830b017e966006cd73ced9bd2470c3671505245d0be
Size

885KB
Sample

221123-s3h21afh8z
MD5

fee513bac5f939d2cc391f8bb8cfe1ed
SHA1

b038192367b2b18b3edaac72b8d05a3558f029ce
SHA256

4c20eae868cdbc9b87492830b017e966006cd73ced9bd2470c3671505245d0be
SHA512

5816a23c2c9564403ba771de189b07c9749e28540b6e0b588690f6b53f472e3437a4d9e7fdb304137296c557dc4769744fe0dcd4c6315341fe7361ed8a649946
SSDEEP

12288:7x8Q/oWtPr0Ey9dr+RGiyur2E6FJxv1wFtPu369+I5uwdONzE/AA6VZDJTj4O:7lloEyXkXrr2hJxv1n36sIJM9U6PW

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  4c20eae868cdbc9b87492830b017e966006cd73ced9bd2470c3671505245d0be
- Size
  
  885KB
- MD5
  
  fee513bac5f939d2cc391f8bb8cfe1ed
- SHA1
  
  b038192367b2b18b3edaac72b8d05a3558f029ce
- SHA256
  
  4c20eae868cdbc9b87492830b017e966006cd73ced9bd2470c3671505245d0be
- SHA512
  
  5816a23c2c9564403ba771de189b07c9749e28540b6e0b588690f6b53f472e3437a4d9e7fdb304137296c557dc4769744fe0dcd4c6315341fe7361ed8a649946
- SSDEEP
  
  12288:7x8Q/oWtPr0Ey9dr+RGiyur2E6FJxv1wFtPu369+I5uwdONzE/AA6VZDJTj4O:7lloEyXkXrr2hJxv1n36sIJM9U6PW
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2