801179e78255bc970347a2a2ef2fb666589eeaf6cef63cc1b468dc3cfe3146a5 | Triage

Sharing

General

Target

801179e78255bc970347a2a2ef2fb666589eeaf6cef63cc1b468dc3cfe3146a5
Size

1.0MB
Sample

221128-gxftxaff3s
MD5

d491b5bb4fde7eff3831b75b39221a32
SHA1

3160d20be89770a6ab375bee80a8b67c929c31f1
SHA256

801179e78255bc970347a2a2ef2fb666589eeaf6cef63cc1b468dc3cfe3146a5
SHA512

d1ba6d9354dcf914e00acee188b388c5df809c2d8f28bd0d08d559b57551fd85b6c20701b8e83bd5f0d92da90268f6a0dd95d0e0a1078f0d43e26b6164cac475
SSDEEP

12288:ARtxVM4AlgIYPVoCt6XxFe5rjPeNfrsekdPf7mQvbkT7Hh/ebfJ40kIFD3j5q1Ok:CVMpb7E5nUedmQQe45INjg9yMSm

Score

6^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  801179e78255bc970347a2a2ef2fb666589eeaf6cef63cc1b468dc3cfe3146a5
- Size
  
  1.0MB
- MD5
  
  d491b5bb4fde7eff3831b75b39221a32
- SHA1
  
  3160d20be89770a6ab375bee80a8b67c929c31f1
- SHA256
  
  801179e78255bc970347a2a2ef2fb666589eeaf6cef63cc1b468dc3cfe3146a5
- SHA512
  
  d1ba6d9354dcf914e00acee188b388c5df809c2d8f28bd0d08d559b57551fd85b6c20701b8e83bd5f0d92da90268f6a0dd95d0e0a1078f0d43e26b6164cac475
- SSDEEP
  
  12288:ARtxVM4AlgIYPVoCt6XxFe5rjPeNfrsekdPf7mQvbkT7Hh/ebfJ40kIFD3j5q1Ok:CVMpb7E5nUedmQQe45INjg9yMSm
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing