8b621edfc6fa3695a3b60ec40bb9a2c2da6de7568cd5f63b22d7007d06ebbffb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b621edfc6fa3695a3b60ec40bb9a2c2da6de7568cd5f63b22d7007d06ebbffb
Size

118KB
Sample

221129-ghvphsbc38
MD5

0ab6af1c4960a34a7ad3b6ed6025461e
SHA1

820f382b05b44a86cbf2ac762dc48db0cdc6d6ce
SHA256

8b621edfc6fa3695a3b60ec40bb9a2c2da6de7568cd5f63b22d7007d06ebbffb
SHA512

ef7ddedbb65df37b81bb96eb5bbbb8a567656895e9307f05be7f0b569044edefff887b3db05f8fa1fff5427868878c49018bd96843996f23c7ac964b5fb397d6
SSDEEP

3072:CLWTEiR+gctabvQuKbtG3ftk3j30lQqAB1kO0exnr:CLWiYTQPG3VQya6O0

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8b621edfc6fa3695a3b60ec40bb9a2c2da6de7568cd5f63b22d7007d06ebbffb
- Size
  
  118KB
- MD5
  
  0ab6af1c4960a34a7ad3b6ed6025461e
- SHA1
  
  820f382b05b44a86cbf2ac762dc48db0cdc6d6ce
- SHA256
  
  8b621edfc6fa3695a3b60ec40bb9a2c2da6de7568cd5f63b22d7007d06ebbffb
- SHA512
  
  ef7ddedbb65df37b81bb96eb5bbbb8a567656895e9307f05be7f0b569044edefff887b3db05f8fa1fff5427868878c49018bd96843996f23c7ac964b5fb397d6
- SSDEEP
  
  3072:CLWTEiR+gctabvQuKbtG3ftk3j30lQqAB1kO0exnr:CLWiYTQPG3VQya6O0
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2