79ea95ec5b4d204470e9f730cb14693828af110a60d308fc9af39b7e2ed99df5 | Triage

Sharing

General

Target

79ea95ec5b4d204470e9f730cb14693828af110a60d308fc9af39b7e2ed99df5
Size

758KB
Sample

221129-h6ll7age83
MD5

f9c84cddf1cdfc86f9717d0a5a0d9b97
SHA1

7b67e91c467de3e2e4ee3c7ea8aeb02c964ed6f7
SHA256

79ea95ec5b4d204470e9f730cb14693828af110a60d308fc9af39b7e2ed99df5
SHA512

abcb07bce09d87487ca1be3218def6143929a844112a183be9fd8cde67ecdc4814ad8f1f4305cfe3845579951a16229249dc13a88ef227e10b59594434d296e3
SSDEEP

12288:M2nBoRQY1UzlWhiAov/E8AKHSozk7/rDb0NMz5fssyrOAWkBYyUqK:M8YNSAoEtKypvGM1Esy6AWkS

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  79ea95ec5b4d204470e9f730cb14693828af110a60d308fc9af39b7e2ed99df5
- Size
  
  758KB
- MD5
  
  f9c84cddf1cdfc86f9717d0a5a0d9b97
- SHA1
  
  7b67e91c467de3e2e4ee3c7ea8aeb02c964ed6f7
- SHA256
  
  79ea95ec5b4d204470e9f730cb14693828af110a60d308fc9af39b7e2ed99df5
- SHA512
  
  abcb07bce09d87487ca1be3218def6143929a844112a183be9fd8cde67ecdc4814ad8f1f4305cfe3845579951a16229249dc13a88ef227e10b59594434d296e3
- SSDEEP
  
  12288:M2nBoRQY1UzlWhiAov/E8AKHSozk7/rDb0NMz5fssyrOAWkBYyUqK:M8YNSAoEtKypvGM1Esy6AWkS
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2