cb8c6531b448174dabbeeb639399c4ff5c48c4c1fbddb85f114958467e19eca6 | Triage

Sharing

General

Target

cb8c6531b448174dabbeeb639399c4ff5c48c4c1fbddb85f114958467e19eca6
Size

152KB
Sample

221129-rv4s3agh93
MD5

f4723d0ca2f1b5c9be01437d1eb4d835
SHA1

bce452892d0152589a89299afa2a75696e8c9b03
SHA256

cb8c6531b448174dabbeeb639399c4ff5c48c4c1fbddb85f114958467e19eca6
SHA512

4e76c51d4fe86c03fe309aaa02f6785045b32abdce25d47d7904cee4d5c5041f8ea46b71b8ef977c2e0d24d413bbab916af7de587e9053ef5b557963011a550c
SSDEEP

3072:5OF1e11TFWpNohYkQr0jeLwJr95bJoBFx/63P:oUYQqLwhHbWLxC3

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  cb8c6531b448174dabbeeb639399c4ff5c48c4c1fbddb85f114958467e19eca6
- Size
  
  152KB
- MD5
  
  f4723d0ca2f1b5c9be01437d1eb4d835
- SHA1
  
  bce452892d0152589a89299afa2a75696e8c9b03
- SHA256
  
  cb8c6531b448174dabbeeb639399c4ff5c48c4c1fbddb85f114958467e19eca6
- SHA512
  
  4e76c51d4fe86c03fe309aaa02f6785045b32abdce25d47d7904cee4d5c5041f8ea46b71b8ef977c2e0d24d413bbab916af7de587e9053ef5b557963011a550c
- SSDEEP
  
  3072:5OF1e11TFWpNohYkQr0jeLwJr95bJoBFx/63P:oUYQqLwhHbWLxC3
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2