e9db90970dd88b513d5ea84d0a17d7e6a82116b25c91f461990203d505f2b52e | Triage

Sharing

General

Target

e9db90970dd88b513d5ea84d0a17d7e6a82116b25c91f461990203d505f2b52e
Size

182KB
Sample

221125-hmvqracf8x
MD5

51dc4be4b3cb917a33f0fbe879a274aa
SHA1

b200ae24046eba0a015eeb7f85cd4c3225f3f3ed
SHA256

e9db90970dd88b513d5ea84d0a17d7e6a82116b25c91f461990203d505f2b52e
SHA512

7f0c56ff037b9c32c17fe6eb97ec6e3605f4ca7f5a79d50230f1248aa6777f10ad4cf8a0fd916adcfde3322e879ae688fed12410b9745ec1ac2862ffa73af40b
SSDEEP

3072:1jEtC3gRLBF4UlWubdx4wYAwZEtb0T1A33ywv9c:JB3gRLUUlPbdxLYygJYC/

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  e9db90970dd88b513d5ea84d0a17d7e6a82116b25c91f461990203d505f2b52e
- Size
  
  182KB
- MD5
  
  51dc4be4b3cb917a33f0fbe879a274aa
- SHA1
  
  b200ae24046eba0a015eeb7f85cd4c3225f3f3ed
- SHA256
  
  e9db90970dd88b513d5ea84d0a17d7e6a82116b25c91f461990203d505f2b52e
- SHA512
  
  7f0c56ff037b9c32c17fe6eb97ec6e3605f4ca7f5a79d50230f1248aa6777f10ad4cf8a0fd916adcfde3322e879ae688fed12410b9745ec1ac2862ffa73af40b
- SSDEEP
  
  3072:1jEtC3gRLBF4UlWubdx4wYAwZEtb0T1A33ywv9c:JB3gRLUUlPbdxLYygJYC/
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2