Overview

overview

8

Static

static

38c78a306b...f2.exe

windows7-x64

8

38c78a306b...f2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38c78a306b836f19948041390eb5f49b6cd5142024fb08f7c7ea10d560b5fdf2

  • Size

    174KB

  • Sample

    221125-jxxtjagb3t

  • MD5

    23fe7a27a1141faf9d3435adee6f2a4a

  • SHA1

    b6873dc9146cd661fafa4d10a5ed8a871ecc6ca1

  • SHA256

    38c78a306b836f19948041390eb5f49b6cd5142024fb08f7c7ea10d560b5fdf2

  • SHA512

    d718ce5de99515442e0d307d6bad216a603595b320299680bd83c628264ecef3dc007d9fbd9691b193c8a6e6aa8f96b0e1b8d7894cc89a696b5b725d093052b9

  • SSDEEP

    3072:YpzT4fCQ3zBP4mYKoWMgKe32ulW1tB26d+2YyiE8kjPsAERQsApiD2FIdodqns42:Y14aQDuvWlmgAd+4jPsAERQsApiD2Ky

Score
8/10
persistence

Malware Config

Targets

    • Target

      38c78a306b836f19948041390eb5f49b6cd5142024fb08f7c7ea10d560b5fdf2

    • Size

      174KB

    • MD5

      23fe7a27a1141faf9d3435adee6f2a4a

    • SHA1

      b6873dc9146cd661fafa4d10a5ed8a871ecc6ca1

    • SHA256

      38c78a306b836f19948041390eb5f49b6cd5142024fb08f7c7ea10d560b5fdf2

    • SHA512

      d718ce5de99515442e0d307d6bad216a603595b320299680bd83c628264ecef3dc007d9fbd9691b193c8a6e6aa8f96b0e1b8d7894cc89a696b5b725d093052b9

    • SSDEEP

      3072:YpzT4fCQ3zBP4mYKoWMgKe32ulW1tB26d+2YyiE8kjPsAERQsApiD2FIdodqns42:Y14aQDuvWlmgAd+4jPsAERQsApiD2Ky

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks