57214beea1873dea894048d87bad58c2e1f05832fa55149e11686dd99a7a10be | Triage

Sharing

General

Target

57214beea1873dea894048d87bad58c2e1f05832fa55149e11686dd99a7a10be
Size

677KB
Sample

221130-mendxsbg23
MD5

8588db51d60b44699d7e3a228cc1b1f2
SHA1

1aa6995c611aa1448a50a152b3f9a4b0561fd1e0
SHA256

57214beea1873dea894048d87bad58c2e1f05832fa55149e11686dd99a7a10be
SHA512

74b2d6ede7845d84ce8bf95a4f3ba0b55684dff053ade98018753da8353c1609b571764c259382238e6bb95e3487e3c7f1bbdf51f597abfa6366b924492ea823
SSDEEP

12288:TOaQ5WVaSeMfEuIVwewkI5LbmcnfbmtzQWJ5SxJq4TILu578wxF+WC3y:TOz8RjLleUxlb5q5SxY4TJ578Q/V

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  57214beea1873dea894048d87bad58c2e1f05832fa55149e11686dd99a7a10be
- Size
  
  677KB
- MD5
  
  8588db51d60b44699d7e3a228cc1b1f2
- SHA1
  
  1aa6995c611aa1448a50a152b3f9a4b0561fd1e0
- SHA256
  
  57214beea1873dea894048d87bad58c2e1f05832fa55149e11686dd99a7a10be
- SHA512
  
  74b2d6ede7845d84ce8bf95a4f3ba0b55684dff053ade98018753da8353c1609b571764c259382238e6bb95e3487e3c7f1bbdf51f597abfa6366b924492ea823
- SSDEEP
  
  12288:TOaQ5WVaSeMfEuIVwewkI5LbmcnfbmtzQWJ5SxJq4TILu578wxF+WC3y:TOz8RjLleUxlb5q5SxY4TJ578Q/V
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Software Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2