2de41878725f3f6da01c770224bcc2580be15139334dc09020a17fbb2400e224 | Triage

Sharing

General

Target

2de41878725f3f6da01c770224bcc2580be15139334dc09020a17fbb2400e224
Size

95KB
Sample

221125-2bth4aec6t
MD5

e8c4741eb950dc6e2936fbb82b69f20d
SHA1

6b4a143184b535f2dd8cdb439277817e297e92d1
SHA256

2de41878725f3f6da01c770224bcc2580be15139334dc09020a17fbb2400e224
SHA512

1950080032605533bddbb65930140ffc30b6b7c0eecb4e080593fad00c72d8d84668a31790a85240bd9dac33cf7641e3c2eee12ed40ff73dcc8b94ac615233b8
SSDEEP

1536:V4UHxpN/MUXsLTvCj0DBXJaOvWHzw0reZBIN85ymPhJ58YMztlsIgzZUKaV/O:V4URpNUUX6z/DBXJfvWTw6IIN8xX58Zm

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2de41878725f3f6da01c770224bcc2580be15139334dc09020a17fbb2400e224
- Size
  
  95KB
- MD5
  
  e8c4741eb950dc6e2936fbb82b69f20d
- SHA1
  
  6b4a143184b535f2dd8cdb439277817e297e92d1
- SHA256
  
  2de41878725f3f6da01c770224bcc2580be15139334dc09020a17fbb2400e224
- SHA512
  
  1950080032605533bddbb65930140ffc30b6b7c0eecb4e080593fad00c72d8d84668a31790a85240bd9dac33cf7641e3c2eee12ed40ff73dcc8b94ac615233b8
- SSDEEP
  
  1536:V4UHxpN/MUXsLTvCj0DBXJaOvWHzw0reZBIN85ymPhJ58YMztlsIgzZUKaV/O:V4URpNUUX6z/DBXJfvWTw6IIN8xX58Zm
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2