bff5ee871f7051d55a8093acc3a09d191ba6a9adc2e2b41db5e8e7ee641be79b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bff5ee871f7051d55a8093acc3a09d191ba6a9adc2e2b41db5e8e7ee641be79b
Size

1.1MB
Sample

221127-qn57waah93
MD5

651cd5b4017a05c03e0eddebbb7d51c7
SHA1

8dd518e703c48e03e59787a4f578e17e492191e9
SHA256

bff5ee871f7051d55a8093acc3a09d191ba6a9adc2e2b41db5e8e7ee641be79b
SHA512

c084822aebcdaa121e98a7350314d54211ca1df5310bfd3186ec42560710d7ed8f8c4856535348167b47ae780a84073e2aca50e656850fc777ed5a806f77d559
SSDEEP

12288:vJ84D/9Hfe6rfTJ6Lt8urB7Nj6fsfqdm7pTTCIu0EuG2a18RzY47E9ELluv9Ny4U:vF7WXbqdUTmWK29ZY47EiLMYTHyi

Score

7^/10

Malware Config

Targets

- Target
  
  bff5ee871f7051d55a8093acc3a09d191ba6a9adc2e2b41db5e8e7ee641be79b
- Size
  
  1.1MB
- MD5
  
  651cd5b4017a05c03e0eddebbb7d51c7
- SHA1
  
  8dd518e703c48e03e59787a4f578e17e492191e9
- SHA256
  
  bff5ee871f7051d55a8093acc3a09d191ba6a9adc2e2b41db5e8e7ee641be79b
- SHA512
  
  c084822aebcdaa121e98a7350314d54211ca1df5310bfd3186ec42560710d7ed8f8c4856535348167b47ae780a84073e2aca50e656850fc777ed5a806f77d559
- SSDEEP
  
  12288:vJ84D/9Hfe6rfTJ6Lt8urB7Nj6fsfqdm7pTTCIu0EuG2a18RzY47E9ELluv9Ny4U:vF7WXbqdUTmWK29ZY47EiLMYTHyi
Score

7^/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2