80f66ebcdc07f8764f49c07a12dedf425220cba0af875bb686a2ed24ac8a7df8 | Triage

Sharing

General

Target

80f66ebcdc07f8764f49c07a12dedf425220cba0af875bb686a2ed24ac8a7df8
Size

77KB
Sample

221125-jeej8sbc52
MD5

3e23b4ab0b776788a16298033145250a
SHA1

7eb8ef4fd8f8ecd564540f05eb4ca94242537816
SHA256

80f66ebcdc07f8764f49c07a12dedf425220cba0af875bb686a2ed24ac8a7df8
SHA512

afbf533ea4aef27193c611a6b1b9d19c3a867ab230d9b872ed57fe70b579099d191b989405ed11ced9cf685723bfdb8b0507effe702cdd01c9f2a9958b0c79fe
SSDEEP

768:TkGG+pe9oIQtg9vWJ5OLxQ6uqLuo6Gz1WrkKI7+fvUVSZ2:Tque2tM+qDVVaS+2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  80f66ebcdc07f8764f49c07a12dedf425220cba0af875bb686a2ed24ac8a7df8
- Size
  
  77KB
- MD5
  
  3e23b4ab0b776788a16298033145250a
- SHA1
  
  7eb8ef4fd8f8ecd564540f05eb4ca94242537816
- SHA256
  
  80f66ebcdc07f8764f49c07a12dedf425220cba0af875bb686a2ed24ac8a7df8
- SHA512
  
  afbf533ea4aef27193c611a6b1b9d19c3a867ab230d9b872ed57fe70b579099d191b989405ed11ced9cf685723bfdb8b0507effe702cdd01c9f2a9958b0c79fe
- SSDEEP
  
  768:TkGG+pe9oIQtg9vWJ5OLxQ6uqLuo6Gz1WrkKI7+fvUVSZ2:Tque2tM+qDVVaS+2
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2