6fc5073df36715e3567fa6df02784e5bc711923b57b3265c01ae6f0b24db35c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fc5073df36715e3567fa6df02784e5bc711923b57b3265c01ae6f0b24db35c4
Size

35KB
Sample

221128-b89ngaah7v
MD5

b78ace7638bd68d8167988975d593065
SHA1

60bee6bacb3f5543bf13d2c43e97437da1935a2c
SHA256

6fc5073df36715e3567fa6df02784e5bc711923b57b3265c01ae6f0b24db35c4
SHA512

1cf42e492511116ccf618618a12b6c502704a1ac0439c9568a98c9433ceaffea487bef368d20d30ab0b7ed28a5cb9d61e61006b401e21d7345a6b154b6a9a2be
SSDEEP

768:OWMRMO8nnF1Yt/ybUZkFPd8wpS9hucD5+KwqppBA:OL8nM5ybQ/4YhT3wqppS

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  6fc5073df36715e3567fa6df02784e5bc711923b57b3265c01ae6f0b24db35c4
- Size
  
  35KB
- MD5
  
  b78ace7638bd68d8167988975d593065
- SHA1
  
  60bee6bacb3f5543bf13d2c43e97437da1935a2c
- SHA256
  
  6fc5073df36715e3567fa6df02784e5bc711923b57b3265c01ae6f0b24db35c4
- SHA512
  
  1cf42e492511116ccf618618a12b6c502704a1ac0439c9568a98c9433ceaffea487bef368d20d30ab0b7ed28a5cb9d61e61006b401e21d7345a6b154b6a9a2be
- SSDEEP
  
  768:OWMRMO8nnF1Yt/ybUZkFPd8wpS9hucD5+KwqppBA:OL8nM5ybQ/4YhT3wqppS
Score

8^/10

persistence upx
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2