Overview

overview

6

Static

static

ef8c4140fd...c9.exe

windows7-x64

6

ef8c4140fd...c9.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef8c4140fd2ea10cb9a6444c12c9d5d872c13192f7dc32da9aa7887596f5f0c9

  • Size

    250KB

  • Sample

    221130-mfgmrsbg62

  • MD5

    f3deedb71f0de98a6aa97329e4c16498

  • SHA1

    c30e54be3bc5a060d7bdfa6ade5e0732169554f4

  • SHA256

    ef8c4140fd2ea10cb9a6444c12c9d5d872c13192f7dc32da9aa7887596f5f0c9

  • SHA512

    51b1e7064a2024a787a85e59d56852caefcc9f311ca3d293935ba25a0d18be58c686e728c283fc06b61eb8ea8a7107e7a1af91d741304b6604c2bc2b893e0988

  • SSDEEP

    6144:c3atSBT+sstoBBC+XQYc9959tZqt++lfEBruAUikylBS0J:yx7tDo5wtXl6u0J

Score
6/10
persistence

Malware Config

Targets

    • Target

      ef8c4140fd2ea10cb9a6444c12c9d5d872c13192f7dc32da9aa7887596f5f0c9

    • Size

      250KB

    • MD5

      f3deedb71f0de98a6aa97329e4c16498

    • SHA1

      c30e54be3bc5a060d7bdfa6ade5e0732169554f4

    • SHA256

      ef8c4140fd2ea10cb9a6444c12c9d5d872c13192f7dc32da9aa7887596f5f0c9

    • SHA512

      51b1e7064a2024a787a85e59d56852caefcc9f311ca3d293935ba25a0d18be58c686e728c283fc06b61eb8ea8a7107e7a1af91d741304b6604c2bc2b893e0988

    • SSDEEP

      6144:c3atSBT+sstoBBC+XQYc9959tZqt++lfEBruAUikylBS0J:yx7tDo5wtXl6u0J

    Score
    6/10
    persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks