4032558fd4d20f7da8017fb41d5f03189e2a1d93d3db832f09b790fee07c3e78 | Triage

Sharing

General

Target

4032558fd4d20f7da8017fb41d5f03189e2a1d93d3db832f09b790fee07c3e78
Size

288KB
Sample

221124-qcldbsab6w
MD5

e2120cebaed740f7c2c1f3370461ea2a
SHA1

ea22ff60d0c1642bf837674f88d26813cdfdec99
SHA256

4032558fd4d20f7da8017fb41d5f03189e2a1d93d3db832f09b790fee07c3e78
SHA512

8bd5ffd9cc6b356db60c21c60affbe34e7bdb7ccd4bab2686f8d41a4f942b1f533d71d6a35e96a5ed1df0664b86f53c5a000531fe6a959b70ca5a1d8cccb63b1
SSDEEP

3072:FCuFVE5joK3xltB5I2g8TpasJkToCRDEwrU+Rw/Raw7dSyEZOzaCuF:ejtxPftTpasJk00EN+aZaw7QT

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4032558fd4d20f7da8017fb41d5f03189e2a1d93d3db832f09b790fee07c3e78
- Size
  
  288KB
- MD5
  
  e2120cebaed740f7c2c1f3370461ea2a
- SHA1
  
  ea22ff60d0c1642bf837674f88d26813cdfdec99
- SHA256
  
  4032558fd4d20f7da8017fb41d5f03189e2a1d93d3db832f09b790fee07c3e78
- SHA512
  
  8bd5ffd9cc6b356db60c21c60affbe34e7bdb7ccd4bab2686f8d41a4f942b1f533d71d6a35e96a5ed1df0664b86f53c5a000531fe6a959b70ca5a1d8cccb63b1
- SSDEEP
  
  3072:FCuFVE5joK3xltB5I2g8TpasJkToCRDEwrU+Rw/Raw7dSyEZOzaCuF:ejtxPftTpasJk00EN+aZaw7QT
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2