f0c358ec93b6e1b6d5a7f1183c7bd1a4a4df72a6280af9aadf1e5397f0ce001e | Triage

Sharing

General

Target

f0c358ec93b6e1b6d5a7f1183c7bd1a4a4df72a6280af9aadf1e5397f0ce001e
Size

2.4MB
Sample

221125-qpmrxsba35
MD5

dfaca8a44c7273dd7340be250de8ec55
SHA1

b25b4f916b2468340ee383f686812e71dfe4ede0
SHA256

f0c358ec93b6e1b6d5a7f1183c7bd1a4a4df72a6280af9aadf1e5397f0ce001e
SHA512

167c55f2168252cadbdc1eb6456030294bde561bc7450dd8aa17e3203cd65f5ff0de6421a03842ec35b7f4691c1a4d21f4b3fdc79d55df7dc3daf27d858d0469
SSDEEP

49152:v94IBA0qRdCjDCM38ZFtqAzKPl+wcbFpOZI+NDH1ClsqT:VG0qd1Tp8rcqy+JwlsqT

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  f0c358ec93b6e1b6d5a7f1183c7bd1a4a4df72a6280af9aadf1e5397f0ce001e
- Size
  
  2.4MB
- MD5
  
  dfaca8a44c7273dd7340be250de8ec55
- SHA1
  
  b25b4f916b2468340ee383f686812e71dfe4ede0
- SHA256
  
  f0c358ec93b6e1b6d5a7f1183c7bd1a4a4df72a6280af9aadf1e5397f0ce001e
- SHA512
  
  167c55f2168252cadbdc1eb6456030294bde561bc7450dd8aa17e3203cd65f5ff0de6421a03842ec35b7f4691c1a4d21f4b3fdc79d55df7dc3daf27d858d0469
- SSDEEP
  
  49152:v94IBA0qRdCjDCM38ZFtqAzKPl+wcbFpOZI+NDH1ClsqT:VG0qd1Tp8rcqy+JwlsqT
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2