Overview

overview

8

Static

static

ed8699ecda...2b.exe

windows7-x64

8

ed8699ecda...2b.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed8699ecdab7a4a0b2d862400433f431dc5085065971fd60297ce7b509af932b

  • Size

    176KB

  • Sample

    221124-be7a9agh42

  • MD5

    018c93e6b6d1c1d96800a543e269af01

  • SHA1

    c9ef453f9af3e2fc8c5bb1f81d524ea5eae337c6

  • SHA256

    ed8699ecdab7a4a0b2d862400433f431dc5085065971fd60297ce7b509af932b

  • SHA512

    34423fa4d97cda30b3a80e02085ef9036baf7b679e6e94e54d6dcff9b140be36f15bc433285a5c73e8538a76174aac8b2342ae0b4eb14d7d0f915f7c9101ae22

  • SSDEEP

    1536:8haN2fh0+TTQInoWGJcJJleqt1+Wgx3lFnHmleHSWgLAyXnnLm+AnqqLDTa26:2++TFnoWTTYBB1hHgN1Anq86

Score
8/10
persistence

Malware Config

Targets

    • Target

      ed8699ecdab7a4a0b2d862400433f431dc5085065971fd60297ce7b509af932b

    • Size

      176KB

    • MD5

      018c93e6b6d1c1d96800a543e269af01

    • SHA1

      c9ef453f9af3e2fc8c5bb1f81d524ea5eae337c6

    • SHA256

      ed8699ecdab7a4a0b2d862400433f431dc5085065971fd60297ce7b509af932b

    • SHA512

      34423fa4d97cda30b3a80e02085ef9036baf7b679e6e94e54d6dcff9b140be36f15bc433285a5c73e8538a76174aac8b2342ae0b4eb14d7d0f915f7c9101ae22

    • SSDEEP

      1536:8haN2fh0+TTQInoWGJcJJleqt1+Wgx3lFnHmleHSWgLAyXnnLm+AnqqLDTa26:2++TFnoWTTYBB1hHgN1Anq86

    Score
    8/10
    persistence

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks