1573ec790f0a2bc407252567bb70fb25a49be86cf2c23ec5a632b44ce8e6720b | Triage

Sharing

General

Target

1573ec790f0a2bc407252567bb70fb25a49be86cf2c23ec5a632b44ce8e6720b
Size

207KB
Sample

221126-124lbacd8s
MD5

9192363ab40def218fcacc4c60fb04f0
SHA1

a9fc65d5dce2f56a450491df778b6de168cc13d9
SHA256

1573ec790f0a2bc407252567bb70fb25a49be86cf2c23ec5a632b44ce8e6720b
SHA512

f2e44e3c144787bf486cde1cb01e6e1f249ee2dce4d4de025c9d91ee878281e355734ddd0abf34e46b564b094e26993eb236371624c5d9a15f83cefc11fa1e5e
SSDEEP

3072:VyU1S2jMJ8SKKAvpFaQL3F7IOJw1Hjdl5j1McSmjdrKL/4Ma8dGZGL:Vl1e8kAvjL3NIO6RxircdmlaE

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  1573ec790f0a2bc407252567bb70fb25a49be86cf2c23ec5a632b44ce8e6720b
- Size
  
  207KB
- MD5
  
  9192363ab40def218fcacc4c60fb04f0
- SHA1
  
  a9fc65d5dce2f56a450491df778b6de168cc13d9
- SHA256
  
  1573ec790f0a2bc407252567bb70fb25a49be86cf2c23ec5a632b44ce8e6720b
- SHA512
  
  f2e44e3c144787bf486cde1cb01e6e1f249ee2dce4d4de025c9d91ee878281e355734ddd0abf34e46b564b094e26993eb236371624c5d9a15f83cefc11fa1e5e
- SSDEEP
  
  3072:VyU1S2jMJ8SKKAvpFaQL3F7IOJw1Hjdl5j1McSmjdrKL/4Ma8dGZGL:Vl1e8kAvjL3NIO6RxircdmlaE
Score

8^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2