320f5ef2011f6a2f36dff4ac3a840ee820a4881fcb77764d3f0133de0f5f1187 | Triage

Sharing

General

Target

320f5ef2011f6a2f36dff4ac3a840ee820a4881fcb77764d3f0133de0f5f1187
Size

40KB
Sample

221129-rxrxaahb49
MD5

024ad44d546f59f6759608cbdd4ec650
SHA1

aa791674280b5861f6891629be6ea008ef78af1c
SHA256

320f5ef2011f6a2f36dff4ac3a840ee820a4881fcb77764d3f0133de0f5f1187
SHA512

008722b798f9d2d43ed7cec5e3c1f3de5988e1933321c6ee227a3b2b609cc4d997633a22c2ad3b26ed669bcc5b973c45b12501878885723ec671ec3580bed788
SSDEEP

384:K7WeoSFw/ISCKsZlVVBWs4kYA9H1gancd/awMBzvlU+5u1tGg3Kj2OdBNS:K7WeoSFpBZlV1t9HgVHIvlF2ajPBN

Score

6^/10

Malware Config

Targets

- Target
  
  320f5ef2011f6a2f36dff4ac3a840ee820a4881fcb77764d3f0133de0f5f1187
- Size
  
  40KB
- MD5
  
  024ad44d546f59f6759608cbdd4ec650
- SHA1
  
  aa791674280b5861f6891629be6ea008ef78af1c
- SHA256
  
  320f5ef2011f6a2f36dff4ac3a840ee820a4881fcb77764d3f0133de0f5f1187
- SHA512
  
  008722b798f9d2d43ed7cec5e3c1f3de5988e1933321c6ee227a3b2b609cc4d997633a22c2ad3b26ed669bcc5b973c45b12501878885723ec671ec3580bed788
- SSDEEP
  
  384:K7WeoSFw/ISCKsZlVVBWs4kYA9H1gancd/awMBzvlU+5u1tGg3Kj2OdBNS:K7WeoSFpBZlV1t9HgVHIvlF2ajPBN
Score

6^/10
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2