8d31ff1cf3ed623bb4d22b0e9f55c02b1e3021b0cf1b3b4193b66d730c5e82ff | Triage

Sharing

General

Target

8d31ff1cf3ed623bb4d22b0e9f55c02b1e3021b0cf1b3b4193b66d730c5e82ff
Size

13KB
Sample

221127-xd894sae25
MD5

3fb97cd23e72a5e630a80dde2636be5e
SHA1

3d2c0049fbc73eca544433bd3545b9fdbc910e38
SHA256

8d31ff1cf3ed623bb4d22b0e9f55c02b1e3021b0cf1b3b4193b66d730c5e82ff
SHA512

148b7436760db55e208cf10df97a48c2214ef190e02ec29abad1478fc1ec690ec973c8391db62dbf2a9fcf2f2fbfdec2e85f644d82b1889c7d74a24fe51a3607
SSDEEP

384:KLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:XSagh0Qu1UkKE7AF

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8d31ff1cf3ed623bb4d22b0e9f55c02b1e3021b0cf1b3b4193b66d730c5e82ff
- Size
  
  13KB
- MD5
  
  3fb97cd23e72a5e630a80dde2636be5e
- SHA1
  
  3d2c0049fbc73eca544433bd3545b9fdbc910e38
- SHA256
  
  8d31ff1cf3ed623bb4d22b0e9f55c02b1e3021b0cf1b3b4193b66d730c5e82ff
- SHA512
  
  148b7436760db55e208cf10df97a48c2214ef190e02ec29abad1478fc1ec690ec973c8391db62dbf2a9fcf2f2fbfdec2e85f644d82b1889c7d74a24fe51a3607
- SSDEEP
  
  384:KLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:XSagh0Qu1UkKE7AF
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2