4331aecc8f18a17240b6bf40cdf27f91066a0d6055193fc343d02f01fd2b6dd5 | Triage

Sharing

General

Target

4331aecc8f18a17240b6bf40cdf27f91066a0d6055193fc343d02f01fd2b6dd5
Size

252KB
Sample

221129-lgveksfe99
MD5

771b4d1db6f33e915aac90cf58b0da01
SHA1

fbcbb3a589b256417b7fdae9bce71c20ec648ff1
SHA256

4331aecc8f18a17240b6bf40cdf27f91066a0d6055193fc343d02f01fd2b6dd5
SHA512

c384d827e15026deb0cb75848da61fc6558d425c2367f8e85251f9ea738a964c3662bc904cb1a4a54310c44e527ff3b01aea4ac0a6d54f850211d324145bd9f0
SSDEEP

6144:p1TlTjLEGvAEVGnc3Qkp18kZmO3dNA33mm:p1pL6Eonc3+aA2m

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  4331aecc8f18a17240b6bf40cdf27f91066a0d6055193fc343d02f01fd2b6dd5
- Size
  
  252KB
- MD5
  
  771b4d1db6f33e915aac90cf58b0da01
- SHA1
  
  fbcbb3a589b256417b7fdae9bce71c20ec648ff1
- SHA256
  
  4331aecc8f18a17240b6bf40cdf27f91066a0d6055193fc343d02f01fd2b6dd5
- SHA512
  
  c384d827e15026deb0cb75848da61fc6558d425c2367f8e85251f9ea738a964c3662bc904cb1a4a54310c44e527ff3b01aea4ac0a6d54f850211d324145bd9f0
- SSDEEP
  
  6144:p1TlTjLEGvAEVGnc3Qkp18kZmO3dNA33mm:p1pL6Eonc3+aA2m
Score

8^/10

discovery persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2