Overview

overview

8

Static

static

5bfd634533...20.exe

windows7-x64

8

5bfd634533...20.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5bfd6345336c372210e65f4f645d589b125f765a12fd9e8961aab3a4bfbf0420

  • Size

    204KB

  • Sample

    221128-sd7ztsca78

  • MD5

    8c5ab65bc43c90e104aaaf7253a0eab7

  • SHA1

    7accf631a6aa6200c1cf6196687abf181d22c583

  • SHA256

    5bfd6345336c372210e65f4f645d589b125f765a12fd9e8961aab3a4bfbf0420

  • SHA512

    d090a43702d74159ffb333e055a0ba52a452bc921f753c7722bd0252bd748e8839ea17648a7f5c582b71cb38f19aa99b41fddc7b2659a43be89c72a568fb89ea

  • SSDEEP

    6144:ZlGCCCzCgj/CA6QuO3GJWEUvvTQlqWTJcU64MtOj:+CCCzCgD5IbJWbrXWTw4MtO

Score
8/10
persistence

Malware Config

Targets

    • Target

      5bfd6345336c372210e65f4f645d589b125f765a12fd9e8961aab3a4bfbf0420

    • Size

      204KB

    • MD5

      8c5ab65bc43c90e104aaaf7253a0eab7

    • SHA1

      7accf631a6aa6200c1cf6196687abf181d22c583

    • SHA256

      5bfd6345336c372210e65f4f645d589b125f765a12fd9e8961aab3a4bfbf0420

    • SHA512

      d090a43702d74159ffb333e055a0ba52a452bc921f753c7722bd0252bd748e8839ea17648a7f5c582b71cb38f19aa99b41fddc7b2659a43be89c72a568fb89ea

    • SSDEEP

      6144:ZlGCCCzCgj/CA6QuO3GJWEUvvTQlqWTJcU64MtOj:+CCCzCgD5IbJWbrXWTw4MtO

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks