Overview

overview

8

Static

static

1

791a4ae5c1...56.exe

windows7-x64

8

791a4ae5c1...56.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    791a4ae5c169f772f20c12cdc181ad649a1ddc9dba41051939c1a8e30225af56

  • Size

    236KB

  • Sample

    221128-tmzkgsbf5v

  • MD5

    9703fc80b31c3da2783be988d68bd562

  • SHA1

    088dc9d61c397f9ebe8dbf254d6674fa8985761f

  • SHA256

    791a4ae5c169f772f20c12cdc181ad649a1ddc9dba41051939c1a8e30225af56

  • SHA512

    ef5c31ddf307eb6f18727eddb3edc84c5ccc516b55aa1d17bae03941d8f6e93b291e6e41a57a9508b5b405c320db1d2e407c3fe35335385d6733acf9aca2406b

  • SSDEEP

    6144:VwHysRxa3xXWyP9GUhxEkNcianEQ20M/IhAMPAFcvYfQjPeJ:+RQ3xXWgGUhxEecjEllIroFp+Pe

Score
8/10
persistence

Malware Config

Targets

    • Target

      791a4ae5c169f772f20c12cdc181ad649a1ddc9dba41051939c1a8e30225af56

    • Size

      236KB

    • MD5

      9703fc80b31c3da2783be988d68bd562

    • SHA1

      088dc9d61c397f9ebe8dbf254d6674fa8985761f

    • SHA256

      791a4ae5c169f772f20c12cdc181ad649a1ddc9dba41051939c1a8e30225af56

    • SHA512

      ef5c31ddf307eb6f18727eddb3edc84c5ccc516b55aa1d17bae03941d8f6e93b291e6e41a57a9508b5b405c320db1d2e407c3fe35335385d6733acf9aca2406b

    • SSDEEP

      6144:VwHysRxa3xXWyP9GUhxEkNcianEQ20M/IhAMPAFcvYfQjPeJ:+RQ3xXWgGUhxEecjEllIroFp+Pe

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks