Overview

overview

6

Static

static

5

4ca9c066f3...bc.exe

windows7-x64

5

4ca9c066f3...bc.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc

  • Size

    1.1MB

  • Sample

    221126-vakfgacd8x

  • MD5

    a6c84f6b96e016a2093bb546d4b597e2

  • SHA1

    e55ecff5d86f7b23b7809600a7df86d067a2d45c

  • SHA256

    4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc

  • SHA512

    f9cc8b3116353acd8174c6e30d772337df1e5dc8a7be107402428dc414739ef66a8085e3b9097d0592fc714132247ffc36e98c5953f9755c652fb3633ed486dd

  • SSDEEP

    24576:htb20pkaCqT5TBWgNQ7aGRVZe8MdRYtN+b6A:yVg5tQ7aGY8M8tC5

Score
6/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc

    • Size

      1.1MB

    • MD5

      a6c84f6b96e016a2093bb546d4b597e2

    • SHA1

      e55ecff5d86f7b23b7809600a7df86d067a2d45c

    • SHA256

      4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc

    • SHA512

      f9cc8b3116353acd8174c6e30d772337df1e5dc8a7be107402428dc414739ef66a8085e3b9097d0592fc714132247ffc36e98c5953f9755c652fb3633ed486dd

    • SSDEEP

      24576:htb20pkaCqT5TBWgNQ7aGRVZe8MdRYtN+b6A:yVg5tQ7aGY8M8tC5

    Score
    6/10
    microsoftpersistencephishing

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks