86ca537f7366682697a7b25949b9be4fafe9b0ec5ecea1b829e03b69b6d1a55f | Triage

Sharing

General

Target

86ca537f7366682697a7b25949b9be4fafe9b0ec5ecea1b829e03b69b6d1a55f
Size

770KB
Sample

221129-g4s3tagc4z
MD5

d509815d1c78feeca82c8f3ce3a39fe6
SHA1

9124de630db07053758daf9ec5c87a9d975f5704
SHA256

86ca537f7366682697a7b25949b9be4fafe9b0ec5ecea1b829e03b69b6d1a55f
SHA512

bddb29754439d948ac392e705439c0d470bd52ff3f30d3c9ecfd3cfefab9b21788afaf145fc031aabf8a7780b301845cfc304939edbe529979b0df759ccad69e
SSDEEP

12288:vBxRnhZFlOqFjmYcdIbxdq1wGgdclhFoxZwcWrEgXPB82/eM0Saf4HsvU/ZNF2:ZfxmX0q1ydctox6NrEgXPG/QMGJ

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  86ca537f7366682697a7b25949b9be4fafe9b0ec5ecea1b829e03b69b6d1a55f
- Size
  
  770KB
- MD5
  
  d509815d1c78feeca82c8f3ce3a39fe6
- SHA1
  
  9124de630db07053758daf9ec5c87a9d975f5704
- SHA256
  
  86ca537f7366682697a7b25949b9be4fafe9b0ec5ecea1b829e03b69b6d1a55f
- SHA512
  
  bddb29754439d948ac392e705439c0d470bd52ff3f30d3c9ecfd3cfefab9b21788afaf145fc031aabf8a7780b301845cfc304939edbe529979b0df759ccad69e
- SSDEEP
  
  12288:vBxRnhZFlOqFjmYcdIbxdq1wGgdclhFoxZwcWrEgXPB82/eM0Saf4HsvU/ZNF2:ZfxmX0q1ydctox6NrEgXPG/QMGJ
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence