ac8e72ff45ff3a3f8f478b2392f3cad619a02cb05a3f3a9c900e07e68a0bfdf2 | Triage

Sharing

General

Target

ac8e72ff45ff3a3f8f478b2392f3cad619a02cb05a3f3a9c900e07e68a0bfdf2
Size

138KB
Sample

221124-f783rsca66
MD5

5e3a2dd4ee8652039d8125829f1d78bb
SHA1

bdce0442cd69e9e98f7a61830260b988dc94c866
SHA256

ac8e72ff45ff3a3f8f478b2392f3cad619a02cb05a3f3a9c900e07e68a0bfdf2
SHA512

59ebd9d05e5fe3dde5237c03d2ed4c52d06ba473bbf48ec1df741031bbdde2fdd4515787132322d49ef8be397363e4d68880a2100ae985b20ab0fa2ba84bdbc5
SSDEEP

3072:KTH+x50VJqtHGbu5XCniylWrtGA1GHvGXaCH1Fukp1b3wQGG:KTeoGtmiYlW4A1QvGXjBkQGG

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ac8e72ff45ff3a3f8f478b2392f3cad619a02cb05a3f3a9c900e07e68a0bfdf2
- Size
  
  138KB
- MD5
  
  5e3a2dd4ee8652039d8125829f1d78bb
- SHA1
  
  bdce0442cd69e9e98f7a61830260b988dc94c866
- SHA256
  
  ac8e72ff45ff3a3f8f478b2392f3cad619a02cb05a3f3a9c900e07e68a0bfdf2
- SHA512
  
  59ebd9d05e5fe3dde5237c03d2ed4c52d06ba473bbf48ec1df741031bbdde2fdd4515787132322d49ef8be397363e4d68880a2100ae985b20ab0fa2ba84bdbc5
- SSDEEP
  
  3072:KTH+x50VJqtHGbu5XCniylWrtGA1GHvGXaCH1Fukp1b3wQGG:KTeoGtmiYlW4A1QvGXjBkQGG
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2