fb33d34d6f78aa43b843b3db7dedddb97e02671233bd3e51bba4cdda3664b657 | Triage

Sharing

General

Target

fb33d34d6f78aa43b843b3db7dedddb97e02671233bd3e51bba4cdda3664b657
Size

1.7MB
Sample

221125-pvs1fscb3z
MD5

8e70dd22feec15dd0c28ecf348681a82
SHA1

5bd12016dd98e7f1f7b1ed9f54d8e6915ce18abe
SHA256

fb33d34d6f78aa43b843b3db7dedddb97e02671233bd3e51bba4cdda3664b657
SHA512

2ac9182d0deb79f217ec255725dd9a1e7c19adc5d6dc4e76a80126521355df8401d6aad0c67d39be1356c89e1452eab353c2d8aed8ab24c94daaca550cba5d5f
SSDEEP

49152:2qqYgaOLZqtkUqKZpG/8ootaJU0IHXRukYQQAGqXiNKdnuL5xOHHma:9RCLotJizosJU0IHXRL1FluLu

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  fb33d34d6f78aa43b843b3db7dedddb97e02671233bd3e51bba4cdda3664b657
- Size
  
  1.7MB
- MD5
  
  8e70dd22feec15dd0c28ecf348681a82
- SHA1
  
  5bd12016dd98e7f1f7b1ed9f54d8e6915ce18abe
- SHA256
  
  fb33d34d6f78aa43b843b3db7dedddb97e02671233bd3e51bba4cdda3664b657
- SHA512
  
  2ac9182d0deb79f217ec255725dd9a1e7c19adc5d6dc4e76a80126521355df8401d6aad0c67d39be1356c89e1452eab353c2d8aed8ab24c94daaca550cba5d5f
- SSDEEP
  
  49152:2qqYgaOLZqtkUqKZpG/8ootaJU0IHXRukYQQAGqXiNKdnuL5xOHHma:9RCLotJizosJU0IHXRL1FluLu
Score

8^/10

persistence
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2