6a6654b5219ad38195b61e8287d6aab356f0eca40d8e809d422d9075c66dde02 | Triage

Sharing

General

Target

6a6654b5219ad38195b61e8287d6aab356f0eca40d8e809d422d9075c66dde02
Size

2.0MB
Sample

221123-vt958sch81
MD5

4fafff53eb3b2bffc2eecfdd47cd7a03
SHA1

8c46164f41e47a123a877590ca9d14e4dd48d5bd
SHA256

6a6654b5219ad38195b61e8287d6aab356f0eca40d8e809d422d9075c66dde02
SHA512

bc067942224c844aaabfa017a623c7dcf0b7ec4f55ff2f5f774b78466c1a93ca951b62930eb5ae49bfa8bd62534fd22f4edb44e8977b7c091c470732558b942a
SSDEEP

49152:dryR4nWLGC43UD41Lm79ePoyaSOT6vZFw8U:0RW+AWdgZG8U

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6a6654b5219ad38195b61e8287d6aab356f0eca40d8e809d422d9075c66dde02
- Size
  
  2.0MB
- MD5
  
  4fafff53eb3b2bffc2eecfdd47cd7a03
- SHA1
  
  8c46164f41e47a123a877590ca9d14e4dd48d5bd
- SHA256
  
  6a6654b5219ad38195b61e8287d6aab356f0eca40d8e809d422d9075c66dde02
- SHA512
  
  bc067942224c844aaabfa017a623c7dcf0b7ec4f55ff2f5f774b78466c1a93ca951b62930eb5ae49bfa8bd62534fd22f4edb44e8977b7c091c470732558b942a
- SSDEEP
  
  49152:dryR4nWLGC43UD41Lm79ePoyaSOT6vZFw8U:0RW+AWdgZG8U
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2