Overview

overview

8

Static

static

2b0aa26b61...c5.exe

windows7-x64

8

2b0aa26b61...c5.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2b0aa26b6108793645b26f7d70d0fab28fac27e4c8bcb7252d2ee4e3480570c5

  • Size

    350KB

  • Sample

    221123-vlk65shd22

  • MD5

    4ac860f2dfe44d64c0a43b9a3cc38e40

  • SHA1

    2085d9eec3602b1605a68356ab8167cb116bdee0

  • SHA256

    2b0aa26b6108793645b26f7d70d0fab28fac27e4c8bcb7252d2ee4e3480570c5

  • SHA512

    d69593a02ddb357fd2d5a302113a25d49df63971a1fbb483505ab7faee3e18e82a96d73c931278f549375b559409718d2a6ae0ff95d57d9dfaad11798042f7d9

  • SSDEEP

    6144:P7W9jgZngovqAHaxOK6W6beumW+XGccIuZENT3rdp3N:PagZ7vwx2/NmDXkIhp3

Score
8/10
persistence

Malware Config

Targets

    • Target

      2b0aa26b6108793645b26f7d70d0fab28fac27e4c8bcb7252d2ee4e3480570c5

    • Size

      350KB

    • MD5

      4ac860f2dfe44d64c0a43b9a3cc38e40

    • SHA1

      2085d9eec3602b1605a68356ab8167cb116bdee0

    • SHA256

      2b0aa26b6108793645b26f7d70d0fab28fac27e4c8bcb7252d2ee4e3480570c5

    • SHA512

      d69593a02ddb357fd2d5a302113a25d49df63971a1fbb483505ab7faee3e18e82a96d73c931278f549375b559409718d2a6ae0ff95d57d9dfaad11798042f7d9

    • SSDEEP

      6144:P7W9jgZngovqAHaxOK6W6beumW+XGccIuZENT3rdp3N:PagZ7vwx2/NmDXkIhp3

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks