6601ce8be61245bf5b8ea180983597fea45cb7d59244ad65d8891af56d330c97 | Triage

Sharing

General

Target

6601ce8be61245bf5b8ea180983597fea45cb7d59244ad65d8891af56d330c97
Size

62KB
Sample

221125-rxk4qshc5x
MD5

cca476e0ceb840617c1b113336be0aed
SHA1

65cb649e7d52eefddedf5099d15e86c16a8d8ef4
SHA256

6601ce8be61245bf5b8ea180983597fea45cb7d59244ad65d8891af56d330c97
SHA512

46662e27c3fb8fae5d8777da90c6801130a7f4299753892bb6da63974fbcc55eedf277cf52d3c1d97b743133cb5a7db01399f0d22796cab569194fc19b83bb68
SSDEEP

1536:/4UHxpN/MUXsLTvCj0DBXJaObAlWSXmuWWhADAgvnB/hqx:/4URpNUUX6z/DBXJfbAlWSXmuWW4Agva

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6601ce8be61245bf5b8ea180983597fea45cb7d59244ad65d8891af56d330c97
- Size
  
  62KB
- MD5
  
  cca476e0ceb840617c1b113336be0aed
- SHA1
  
  65cb649e7d52eefddedf5099d15e86c16a8d8ef4
- SHA256
  
  6601ce8be61245bf5b8ea180983597fea45cb7d59244ad65d8891af56d330c97
- SHA512
  
  46662e27c3fb8fae5d8777da90c6801130a7f4299753892bb6da63974fbcc55eedf277cf52d3c1d97b743133cb5a7db01399f0d22796cab569194fc19b83bb68
- SSDEEP
  
  1536:/4UHxpN/MUXsLTvCj0DBXJaObAlWSXmuWWhADAgvnB/hqx:/4URpNUUX6z/DBXJfbAlWSXmuWW4Agva
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2