ddc3d1233a61f6c82efbd7e4e0bad8f4e416df064955a22d841b379f5eb3585d | Triage

Sharing

General

Target

ddc3d1233a61f6c82efbd7e4e0bad8f4e416df064955a22d841b379f5eb3585d
Size

63KB
Sample

221124-erzzgsbe6w
MD5

ade6b6ede33e71a4cc51dbed42b3a4a0
SHA1

655d586757b39b97256574f17ef8a1b3e312f18d
SHA256

ddc3d1233a61f6c82efbd7e4e0bad8f4e416df064955a22d841b379f5eb3585d
SHA512

3f369b6371ff7c82a795628c509b4f542abcb41119fcedec084b50f6e78579a71360d4fa67f78a84580d03ae6e021fbd77fbdaa5958d80b1b91567a8af2b1536
SSDEEP

1536:h4UHxpN/MUXsLTvCj0DBXJaOjgKWCGQtFg4yeIbCw:h4URpNUUX6z/DBXJfjgKWILgtr

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ddc3d1233a61f6c82efbd7e4e0bad8f4e416df064955a22d841b379f5eb3585d
- Size
  
  63KB
- MD5
  
  ade6b6ede33e71a4cc51dbed42b3a4a0
- SHA1
  
  655d586757b39b97256574f17ef8a1b3e312f18d
- SHA256
  
  ddc3d1233a61f6c82efbd7e4e0bad8f4e416df064955a22d841b379f5eb3585d
- SHA512
  
  3f369b6371ff7c82a795628c509b4f542abcb41119fcedec084b50f6e78579a71360d4fa67f78a84580d03ae6e021fbd77fbdaa5958d80b1b91567a8af2b1536
- SSDEEP
  
  1536:h4UHxpN/MUXsLTvCj0DBXJaOjgKWCGQtFg4yeIbCw:h4URpNUUX6z/DBXJfjgKWILgtr
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2