1430f790aa56249d8ccf449f8b84ad29d739528714600720badeb18bc5dc8efa | Triage

Sharing

General

Target

1430f790aa56249d8ccf449f8b84ad29d739528714600720badeb18bc5dc8efa
Size

108KB
Sample

221125-x96tvsdd6x
MD5

31d38710703464d6b4802ec7de931579
SHA1

8eda77ff954cf5ae7680299c316d416dde067cf2
SHA256

1430f790aa56249d8ccf449f8b84ad29d739528714600720badeb18bc5dc8efa
SHA512

011c2cac5ad9adad4fe2de2d05765324180fa675abc06da771c0ad1e45c7cd0e311edf614883282baa7c77c22713f0c5be6e298e3a53c3041c66ecc1be15176a
SSDEEP

1536:KPpHg0fBemPDrSUA8N95CuBeISL3rGMzS/uggiEOORR9:yHgWBuYN93lUbJ+/uilORT

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  1430f790aa56249d8ccf449f8b84ad29d739528714600720badeb18bc5dc8efa
- Size
  
  108KB
- MD5
  
  31d38710703464d6b4802ec7de931579
- SHA1
  
  8eda77ff954cf5ae7680299c316d416dde067cf2
- SHA256
  
  1430f790aa56249d8ccf449f8b84ad29d739528714600720badeb18bc5dc8efa
- SHA512
  
  011c2cac5ad9adad4fe2de2d05765324180fa675abc06da771c0ad1e45c7cd0e311edf614883282baa7c77c22713f0c5be6e298e3a53c3041c66ecc1be15176a
- SSDEEP
  
  1536:KPpHg0fBemPDrSUA8N95CuBeISL3rGMzS/uggiEOORR9:yHgWBuYN93lUbJ+/uilORT
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2