61250b9d4041dfd38426396b9a92ea5c9828849a111e66a8d478649fa302a22f | Triage

Sharing

General

Target

61250b9d4041dfd38426396b9a92ea5c9828849a111e66a8d478649fa302a22f
Size

719KB
Sample

221129-kjvmpafg21
MD5

c35ab576886ca7b0050dea57ac2ed41f
SHA1

8673cace7e7c13936948a374f1dbd35a44d8ebf6
SHA256

61250b9d4041dfd38426396b9a92ea5c9828849a111e66a8d478649fa302a22f
SHA512

5e9ac31b1fe8eeef49d1b62f0c19ce8323a0fcb9d5e226d725b2a176ae7b2c6cb98dcb9808d7766cbbd3c12c217eafa09297a34e00c2f52b4ee4f3ac15879fdc
SSDEEP

12288:H7OmmoYOSVGlSB2xVVLyUzSfHihKFBDyxFP4lhn3a4XnjseINO:HxyG0B2xVVHyaKFJyxtSVa4Ie

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  61250b9d4041dfd38426396b9a92ea5c9828849a111e66a8d478649fa302a22f
- Size
  
  719KB
- MD5
  
  c35ab576886ca7b0050dea57ac2ed41f
- SHA1
  
  8673cace7e7c13936948a374f1dbd35a44d8ebf6
- SHA256
  
  61250b9d4041dfd38426396b9a92ea5c9828849a111e66a8d478649fa302a22f
- SHA512
  
  5e9ac31b1fe8eeef49d1b62f0c19ce8323a0fcb9d5e226d725b2a176ae7b2c6cb98dcb9808d7766cbbd3c12c217eafa09297a34e00c2f52b4ee4f3ac15879fdc
- SSDEEP
  
  12288:H7OmmoYOSVGlSB2xVVLyUzSfHihKFBDyxFP4lhn3a4XnjseINO:HxyG0B2xVVHyaKFJyxtSVa4Ie
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence