f94141b74e4256d38a1bb84a25e29dac0b5a0837809134ba2ccefa1411410f90 | Triage

Sharing

General

Target

f94141b74e4256d38a1bb84a25e29dac0b5a0837809134ba2ccefa1411410f90
Size

857KB
Sample

221127-wy97gahb58
MD5

2ce1a4c33c38402cccd051b984ab1458
SHA1

9366af2cc5e6674185b09b7802d6ff85ed9cd639
SHA256

f94141b74e4256d38a1bb84a25e29dac0b5a0837809134ba2ccefa1411410f90
SHA512

af131da0f0151dac1752e7268827bf7464c6d1069642436fdf02ea49632c3b2afbcc82a30fd64dbdb9b92a7aa426ae612855c30875334f16419346acfa12d283
SSDEEP

24576:Xf09nEigFFDjKhZFoGMQoWluSXlP7e3M:XfgETDirporSy

Score

9^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  f94141b74e4256d38a1bb84a25e29dac0b5a0837809134ba2ccefa1411410f90
- Size
  
  857KB
- MD5
  
  2ce1a4c33c38402cccd051b984ab1458
- SHA1
  
  9366af2cc5e6674185b09b7802d6ff85ed9cd639
- SHA256
  
  f94141b74e4256d38a1bb84a25e29dac0b5a0837809134ba2ccefa1411410f90
- SHA512
  
  af131da0f0151dac1752e7268827bf7464c6d1069642436fdf02ea49632c3b2afbcc82a30fd64dbdb9b92a7aa426ae612855c30875334f16419346acfa12d283
- SSDEEP
  
  24576:Xf09nEigFFDjKhZFoGMQoWluSXlP7e3M:XfgETDirporSy
Score

9^/10

discovery evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasionpersistence