c838932aa3993b65be6fff1c25fd8c877fddde52408ae73330834570a3313329 | Triage

Sharing

General

Target

c838932aa3993b65be6fff1c25fd8c877fddde52408ae73330834570a3313329
Size

220KB
Sample

221123-taf8dadd98
MD5

5438a030dab9792d62b1c014f27d3110
SHA1

2a3d4f8f423587a1f3761d496071642648d73887
SHA256

c838932aa3993b65be6fff1c25fd8c877fddde52408ae73330834570a3313329
SHA512

a13cec5f6f28d99d8b60d0aa9a9a47dbb3bcb51b2d2e1e671fc7d38183d3740a2f1524faf28ce406c6cbcb45b6a33f75c2830552793da3aab3b1e8d536e2ccdd
SSDEEP

3072:Y1XoC+/wXDCH+tNba2OdgSxSsGlpcH0hg1MMSX:Y1XoC+4XVNn4JGr5uMM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c838932aa3993b65be6fff1c25fd8c877fddde52408ae73330834570a3313329
- Size
  
  220KB
- MD5
  
  5438a030dab9792d62b1c014f27d3110
- SHA1
  
  2a3d4f8f423587a1f3761d496071642648d73887
- SHA256
  
  c838932aa3993b65be6fff1c25fd8c877fddde52408ae73330834570a3313329
- SHA512
  
  a13cec5f6f28d99d8b60d0aa9a9a47dbb3bcb51b2d2e1e671fc7d38183d3740a2f1524faf28ce406c6cbcb45b6a33f75c2830552793da3aab3b1e8d536e2ccdd
- SSDEEP
  
  3072:Y1XoC+/wXDCH+tNba2OdgSxSsGlpcH0hg1MMSX:Y1XoC+4XVNn4JGr5uMM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2