fbab856b738109bb0ece8d46e7424dafe2b504612b25cf2b9fc1aec569151a4b | Triage

Sharing

General

Target

fbab856b738109bb0ece8d46e7424dafe2b504612b25cf2b9fc1aec569151a4b
Size

354KB
Sample

221124-l1pcnsfc58
MD5

bf739ec9836929fd5f184c058a964c80
SHA1

5dd0d75872291ef0072f97b4ed74408f9e9aedf1
SHA256

fbab856b738109bb0ece8d46e7424dafe2b504612b25cf2b9fc1aec569151a4b
SHA512

76e261a4d8c89de62f96d642381269a7a55fbf8950e104b1a727e37456a2d12eb5fb629f762dc4500e02858f7732e8e18000970b06e2ec32897264973e1615ad
SSDEEP

6144:TtKn+Y6Helr0DXe2VxXr5pyLoyn25pW6bacHO4lJen:Tk6HelreLxXdpyNcplWcHllJO

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  fbab856b738109bb0ece8d46e7424dafe2b504612b25cf2b9fc1aec569151a4b
- Size
  
  354KB
- MD5
  
  bf739ec9836929fd5f184c058a964c80
- SHA1
  
  5dd0d75872291ef0072f97b4ed74408f9e9aedf1
- SHA256
  
  fbab856b738109bb0ece8d46e7424dafe2b504612b25cf2b9fc1aec569151a4b
- SHA512
  
  76e261a4d8c89de62f96d642381269a7a55fbf8950e104b1a727e37456a2d12eb5fb629f762dc4500e02858f7732e8e18000970b06e2ec32897264973e1615ad
- SSDEEP
  
  6144:TtKn+Y6Helr0DXe2VxXr5pyLoyn25pW6bacHO4lJen:Tk6HelreLxXdpyNcplWcHllJO
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2