c23ea10773c29c28d150a1c1d2c81fc5047ae70cb646c88a6730cff0058f1267 | Triage

Sharing

General

Target

c23ea10773c29c28d150a1c1d2c81fc5047ae70cb646c88a6730cff0058f1267
Size

73KB
Sample

221124-ye7ckshf71
MD5

3a823c5d29fb0418b595e4cc233f6f2d
SHA1

fcc1beca900d2a9e067436a42c423057164cf26d
SHA256

c23ea10773c29c28d150a1c1d2c81fc5047ae70cb646c88a6730cff0058f1267
SHA512

758b4d89afda81c08c350fed94d84e670fb3c030c50c17c879a6b557b401174e285b955349c901c0ac8a7e29a7795570260d7a092aad72619c6cd24693d14f48
SSDEEP

1536:qg3PjR/QVrtUMDIRuRURaQJD/tMz/yiDr0whMxN:qg3PjR/QVrl8uR0aC/tMzZEZ7

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  c23ea10773c29c28d150a1c1d2c81fc5047ae70cb646c88a6730cff0058f1267
- Size
  
  73KB
- MD5
  
  3a823c5d29fb0418b595e4cc233f6f2d
- SHA1
  
  fcc1beca900d2a9e067436a42c423057164cf26d
- SHA256
  
  c23ea10773c29c28d150a1c1d2c81fc5047ae70cb646c88a6730cff0058f1267
- SHA512
  
  758b4d89afda81c08c350fed94d84e670fb3c030c50c17c879a6b557b401174e285b955349c901c0ac8a7e29a7795570260d7a092aad72619c6cd24693d14f48
- SSDEEP
  
  1536:qg3PjR/QVrtUMDIRuRURaQJD/tMz/yiDr0whMxN:qg3PjR/QVrl8uR0aC/tMzZEZ7
Score

8^/10

discovery persistence
- Adds policy Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence