19f1f596368535756b9565bed5d95e6cc11e28a9455579b7fb04623e7153a2e5 | Triage

Sharing

General

Target

19f1f596368535756b9565bed5d95e6cc11e28a9455579b7fb04623e7153a2e5
Size

78KB
Sample

221124-esbchsbe71
MD5

7f51658d2344b664929b8f0e3d786724
SHA1

e55ca3aa0e85e04e096b5366ba3b99622aaf63d6
SHA256

19f1f596368535756b9565bed5d95e6cc11e28a9455579b7fb04623e7153a2e5
SHA512

095f759a8a93324948983b80cb7e4600713e05256a2bb6dbb7f3ce4d0cb2cd2bff7937fe72ced4e6fafc4bb94ab6c80c0c7f56e48306a6779d03412a51d40b53
SSDEEP

1536:x4UHxpN/MUXsLTvCj0DBXJaOhcRWRcfFFxBKV4OvQ5mTGgoGsXxRFzOn5e:x4URpNUUX6z/DBXJfhcRWRc33KrvQ5m+

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  19f1f596368535756b9565bed5d95e6cc11e28a9455579b7fb04623e7153a2e5
- Size
  
  78KB
- MD5
  
  7f51658d2344b664929b8f0e3d786724
- SHA1
  
  e55ca3aa0e85e04e096b5366ba3b99622aaf63d6
- SHA256
  
  19f1f596368535756b9565bed5d95e6cc11e28a9455579b7fb04623e7153a2e5
- SHA512
  
  095f759a8a93324948983b80cb7e4600713e05256a2bb6dbb7f3ce4d0cb2cd2bff7937fe72ced4e6fafc4bb94ab6c80c0c7f56e48306a6779d03412a51d40b53
- SSDEEP
  
  1536:x4UHxpN/MUXsLTvCj0DBXJaOhcRWRcfFFxBKV4OvQ5mTGgoGsXxRFzOn5e:x4URpNUUX6z/DBXJfhcRWRc33KrvQ5m+
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2