292a611fb6fdcf397ca67d2d35a541c8427f480a9b468f640306e00ad6912306 | Triage

Sharing

General

Target

292a611fb6fdcf397ca67d2d35a541c8427f480a9b468f640306e00ad6912306
Size

186KB
Sample

221125-ppvl4abg2t
MD5

e37df4d6ab79c1d785e4883cb2e16788
SHA1

009cbcab2c799d9d08a391861d7747bf2625da8a
SHA256

292a611fb6fdcf397ca67d2d35a541c8427f480a9b468f640306e00ad6912306
SHA512

a9eead45002a2e6643534887e2fe9ff117cb0f0f498ac8d7b0e4e4a7c524ace52bbef65c3cd700a98197279cae34924ee3bf9bd279e2882f42ab0b1c029a66c0
SSDEEP

3072:ON+fbmcn+DPc4x4wSzHQBSrhnGZq9WodVsSCPy2Ddwln5IR:c+fbV+ZxLSzzJGZ0sSyy5I

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  292a611fb6fdcf397ca67d2d35a541c8427f480a9b468f640306e00ad6912306
- Size
  
  186KB
- MD5
  
  e37df4d6ab79c1d785e4883cb2e16788
- SHA1
  
  009cbcab2c799d9d08a391861d7747bf2625da8a
- SHA256
  
  292a611fb6fdcf397ca67d2d35a541c8427f480a9b468f640306e00ad6912306
- SHA512
  
  a9eead45002a2e6643534887e2fe9ff117cb0f0f498ac8d7b0e4e4a7c524ace52bbef65c3cd700a98197279cae34924ee3bf9bd279e2882f42ab0b1c029a66c0
- SSDEEP
  
  3072:ON+fbmcn+DPc4x4wSzHQBSrhnGZq9WodVsSCPy2Ddwln5IR:c+fbV+ZxLSzzJGZ0sSyy5I
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2