Overview

overview

8

Static

static

5dfb3a400c...bc.exe

windows7-x64

8

5dfb3a400c...bc.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5dfb3a400c7ab0de4be178d2f501d5680bcc1d079afe9ab6649e6ca68f83f9bc

  • Size

    129KB

  • Sample

    221130-l2pptsdc7s

  • MD5

    85dc8ae83130c0cdba1847295ec54289

  • SHA1

    882a63bc5221eca77228837ccb8402a7f81bf2b7

  • SHA256

    5dfb3a400c7ab0de4be178d2f501d5680bcc1d079afe9ab6649e6ca68f83f9bc

  • SHA512

    ec291c472b1f0b1d2385399580145609af6d0b0cb28c297e659a634546418dbd8f685e08beac057e1ec70ca778f0af81a0d228c8fec1272f47d44e0f2c81896d

  • SSDEEP

    3072:sJoNIFhq9fUsf8e2xGKfK6jnPNv/jywxmi7ifQc5nWbEZo:sJU9lf89xRK6jB7ai7ifv5B2

Score
8/10
persistence

Malware Config

Targets

    • Target

      5dfb3a400c7ab0de4be178d2f501d5680bcc1d079afe9ab6649e6ca68f83f9bc

    • Size

      129KB

    • MD5

      85dc8ae83130c0cdba1847295ec54289

    • SHA1

      882a63bc5221eca77228837ccb8402a7f81bf2b7

    • SHA256

      5dfb3a400c7ab0de4be178d2f501d5680bcc1d079afe9ab6649e6ca68f83f9bc

    • SHA512

      ec291c472b1f0b1d2385399580145609af6d0b0cb28c297e659a634546418dbd8f685e08beac057e1ec70ca778f0af81a0d228c8fec1272f47d44e0f2c81896d

    • SSDEEP

      3072:sJoNIFhq9fUsf8e2xGKfK6jnPNv/jywxmi7ifQc5nWbEZo:sJU9lf89xRK6jB7ai7ifv5B2

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Program crash

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks