49ec63fec755cc6953b577c611f2b43a87051e8258048df9dfabc8f492d43693 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49ec63fec755cc6953b577c611f2b43a87051e8258048df9dfabc8f492d43693
Size

63KB
Sample

221127-pm43rabg9t
MD5

bc6c2c65f1d916ff12d141ec473b009e
SHA1

0eaf7203335220bd059d37c4a12f06a679a0ceda
SHA256

49ec63fec755cc6953b577c611f2b43a87051e8258048df9dfabc8f492d43693
SHA512

1317d4b2ef690bfa2370a57de3ea9cb434a83b91c8b87c32e342cb452e8576b10213c71800abdef004a987d10ecc676c4ba34bb34814f48daac0c589332e536a
SSDEEP

768:dvmKZor4WvMzGBrxUjBWDtThWcCrGMshWcCrXTa0XZdPQShWcCrvTa0XZdPQWIo:dvmKZozvMzmNUMzr

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  49ec63fec755cc6953b577c611f2b43a87051e8258048df9dfabc8f492d43693
- Size
  
  63KB
- MD5
  
  bc6c2c65f1d916ff12d141ec473b009e
- SHA1
  
  0eaf7203335220bd059d37c4a12f06a679a0ceda
- SHA256
  
  49ec63fec755cc6953b577c611f2b43a87051e8258048df9dfabc8f492d43693
- SHA512
  
  1317d4b2ef690bfa2370a57de3ea9cb434a83b91c8b87c32e342cb452e8576b10213c71800abdef004a987d10ecc676c4ba34bb34814f48daac0c589332e536a
- SSDEEP
  
  768:dvmKZor4WvMzGBrxUjBWDtThWcCrGMshWcCrXTa0XZdPQShWcCrvTa0XZdPQWIo:dvmKZozvMzmNUMzr
Score

8^/10

evasion persistence
- Looks for VMWare Tools registry key
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence