4ff8817c38548ed3abfd8ba9802de653f66b2ac7ea4aa23b5c713b8c74ab774d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ff8817c38548ed3abfd8ba9802de653f66b2ac7ea4aa23b5c713b8c74ab774d
Size

122KB
Sample

221125-wc5d4ada85
MD5

5a828f9ddccb3717aeccbe3e5e2a9f65
SHA1

e21d46b0b320acda1582d257fa41970641fddb7a
SHA256

4ff8817c38548ed3abfd8ba9802de653f66b2ac7ea4aa23b5c713b8c74ab774d
SHA512

b9da3e4ab74b4740fed7ade404f612671cfbf47a6b0bab006332be26ce8b89c6741a6f7332e9b4a3b6efc2154cedd08b696fc5c96d492028f7413d8794b46c20
SSDEEP

3072:Mn83pkNSmCCLsLe5z0psVFMewD0fj7ifYqTgQG:M8pkNSEsLOFMlD0fj7igh9

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  RG928200002_2014_november_00000329320.023042490280.0324980000038-0000006.exe
- Size
  
  148KB
- MD5
  
  447ea8f436208e24a8421e311a27bca2
- SHA1
  
  f1f93934579b8c17aa7b798072ff8944fb3bb3ad
- SHA256
  
  eb69817b4d0655fea46edd195bdd378200ff7182c16b36319190bdde5402c25f
- SHA512
  
  06f4aed8bcd558e11d0449fc097224fff0996417fcbe9e4f8a771ffbfa73f42010f731046eda6bcb8d4822b032951f5d71af2f4258cf1c99490e81bc2daebd47
- SSDEEP
  
  3072:WPIa4nO50c6fPDJCLsLe5z0rsVFMewD0fjhStoWe:WP34nO5k6sLcFMlD0fjhSyn
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2