3c06667bfdc98ef352bcd962b6a35e6d7674d0e70ea0ea7d5998182bb60f5765 | Triage

Sharing

General

Target

3c06667bfdc98ef352bcd962b6a35e6d7674d0e70ea0ea7d5998182bb60f5765
Size

3.2MB
Sample

221127-ryadmahg7z
MD5

93443930760655fbb04dbade20886672
SHA1

914650981b3f53a9de17db634551066cabf22b1f
SHA256

3c06667bfdc98ef352bcd962b6a35e6d7674d0e70ea0ea7d5998182bb60f5765
SHA512

c13f3d2c2cedf511324ef545fbcbd2799c3601d3f266b97e35b52a6cd1da79836c8dcaf1036cd54dd6ac84695a538a2784f25f07e4c786ad4a10417d05db1193
SSDEEP

98304:PirMZWSW2lRWioYV/WBYz667H9lgi8HJri8pS:6rwWST8iLV/vz667fB8pLpS

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  3c06667bfdc98ef352bcd962b6a35e6d7674d0e70ea0ea7d5998182bb60f5765
- Size
  
  3.2MB
- MD5
  
  93443930760655fbb04dbade20886672
- SHA1
  
  914650981b3f53a9de17db634551066cabf22b1f
- SHA256
  
  3c06667bfdc98ef352bcd962b6a35e6d7674d0e70ea0ea7d5998182bb60f5765
- SHA512
  
  c13f3d2c2cedf511324ef545fbcbd2799c3601d3f266b97e35b52a6cd1da79836c8dcaf1036cd54dd6ac84695a538a2784f25f07e4c786ad4a10417d05db1193
- SSDEEP
  
  98304:PirMZWSW2lRWioYV/WBYz667H9lgi8HJri8pS:6rwWST8iLV/vz667fB8pLpS
Score

8^/10

discovery persistence
- Modifies AppInit DLL entries
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence