a44f7d6b33377a416d2113ae4a97f36a78773da323c42ee2d3efade09a44c54f | Triage

Sharing

General

Target

a44f7d6b33377a416d2113ae4a97f36a78773da323c42ee2d3efade09a44c54f
Size

1.6MB
Sample

221124-z5t1lsad84
MD5

468b9b4d7e31ee9375a51577570d0b4b
SHA1

7a8cbff8e182cb916d1a99f2dc3870cd91a13478
SHA256

a44f7d6b33377a416d2113ae4a97f36a78773da323c42ee2d3efade09a44c54f
SHA512

149070a86f24550633baf411c2283f3414f06b0f681cb8f5bccf1efc72c39412feb6310042f306c8389a92fadfccd66b280b2209b76a00c4ef7450f08f78227c
SSDEEP

49152:gzQq4q8vOv/qtqUkkFKCqsPH08eqe6UHrAWL:g0qz84Uk9ZM0Ke62AWL

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  CF߱ѪBUGѪ+һݵع_se.exe
- Size
  
  1.8MB
- MD5
  
  3d7684528be046a32765faf98f9ad34a
- SHA1
  
  ccad496d04468852d6bd8a63d7addddfb79ff6fb
- SHA256
  
  7073f4286a30a37b6a0faea483b79c6caa6b23133421757c515ec7388d3d19ee
- SHA512
  
  e6dd81e302a3a5e75c48a9132f1c060c474bd8af52012db17b86ab949bbc2ebdf5032980f98efe56d2a52da8d63ff5fabfff2446712d6bf31c10587f600445f1
- SSDEEP
  
  49152:yko42EJ0BHqVq+iiTCnTxQCVtPrFbdlzrk4488H:ho5ES+iiTCTxpVtPrFJp7488H
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2