2df72da08922293def4cc27db4cb9ee611f691c85fb28788b2061a12da828f11 | Triage

Sharing

General

Target

2df72da08922293def4cc27db4cb9ee611f691c85fb28788b2061a12da828f11
Size

515KB
Sample

221125-j1jq3scg86
MD5

bb04aab16873dc5b898ae0305621d1a2
SHA1

e6336334ff1f7530bb8c88e6894fa957d5e21f96
SHA256

2df72da08922293def4cc27db4cb9ee611f691c85fb28788b2061a12da828f11
SHA512

68046dd4df98e25ed6dfe3f9f9363c3edc81a5e438ad8005a29f49f64ed242b0fc4033522afc5640fb4482c58005605322fd0e3f22023763de331549c6db9f15
SSDEEP

12288:TdxYtVrDwXMNQB0O1zBnc3qp4t1Ntt9Ls/4SVjy:Tru8XTmOFp4bhlsby

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  2df72da08922293def4cc27db4cb9ee611f691c85fb28788b2061a12da828f11
- Size
  
  515KB
- MD5
  
  bb04aab16873dc5b898ae0305621d1a2
- SHA1
  
  e6336334ff1f7530bb8c88e6894fa957d5e21f96
- SHA256
  
  2df72da08922293def4cc27db4cb9ee611f691c85fb28788b2061a12da828f11
- SHA512
  
  68046dd4df98e25ed6dfe3f9f9363c3edc81a5e438ad8005a29f49f64ed242b0fc4033522afc5640fb4482c58005605322fd0e3f22023763de331549c6db9f15
- SSDEEP
  
  12288:TdxYtVrDwXMNQB0O1zBnc3qp4t1Ntt9Ls/4SVjy:Tru8XTmOFp4bhlsby
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence