5aa6888bfc648bc38be1c2637fc65c7b241681a288068905bececd3c1d8ec80d | Triage

Sharing

General

Target

5aa6888bfc648bc38be1c2637fc65c7b241681a288068905bececd3c1d8ec80d
Size

544KB
Sample

221123-t968vagd69
MD5

3a639a1b820d1d51223aa58c0dece868
SHA1

a23fdaa6cb27300ca97852df1b66f8f78d062e71
SHA256

5aa6888bfc648bc38be1c2637fc65c7b241681a288068905bececd3c1d8ec80d
SHA512

a23cbd95e1fa8fa52314c6be5f6fc832490b452cf5a2ba7c24da37370ad9b12e155e77a3c8ab8dba5ed9c5b76fa590c56376036003f0b25632c1946e1831ffa6
SSDEEP

12288:tWFPqONAT+cUNz1XZHwCN1fmhwZ/G+rkjfi/gR:tWFPqONAT+cUNzcFwZu+rk24

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  5aa6888bfc648bc38be1c2637fc65c7b241681a288068905bececd3c1d8ec80d
- Size
  
  544KB
- MD5
  
  3a639a1b820d1d51223aa58c0dece868
- SHA1
  
  a23fdaa6cb27300ca97852df1b66f8f78d062e71
- SHA256
  
  5aa6888bfc648bc38be1c2637fc65c7b241681a288068905bececd3c1d8ec80d
- SHA512
  
  a23cbd95e1fa8fa52314c6be5f6fc832490b452cf5a2ba7c24da37370ad9b12e155e77a3c8ab8dba5ed9c5b76fa590c56376036003f0b25632c1946e1831ffa6
- SSDEEP
  
  12288:tWFPqONAT+cUNz1XZHwCN1fmhwZ/G+rkjfi/gR:tWFPqONAT+cUNzcFwZu+rk24
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2