81eb7a1a8f2e4a01246852cab421df53e693c8c0e78612f731cb16fad210b3b0 | Triage

Sharing

General

Target

81eb7a1a8f2e4a01246852cab421df53e693c8c0e78612f731cb16fad210b3b0
Size

241KB
Sample

221201-15zrjaaf9y
MD5

c7c1ed4cc182307b76b3bc01253cdd06
SHA1

b5fda2a62e340b5e4e4ba509316c844ab885b35d
SHA256

81eb7a1a8f2e4a01246852cab421df53e693c8c0e78612f731cb16fad210b3b0
SHA512

7d114b688c5f11d9f33951374dd10fb3eaa5fa826c3aaa042f6ff78daf9b7c02cbd2096b891cffa0fe0e6a17a7881d282c6da1caaf62e3790589fb5978844352
SSDEEP

3072:HDgnEdPvIvxywNCQoVeEeZaL8QwtVg6C7619nc7BSQP47n/E5pNFZHO2e0QKlPu9:scA1Cdfe4oQwtVi+TWYQQ7n/gpNTdGL

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  81eb7a1a8f2e4a01246852cab421df53e693c8c0e78612f731cb16fad210b3b0
- Size
  
  241KB
- MD5
  
  c7c1ed4cc182307b76b3bc01253cdd06
- SHA1
  
  b5fda2a62e340b5e4e4ba509316c844ab885b35d
- SHA256
  
  81eb7a1a8f2e4a01246852cab421df53e693c8c0e78612f731cb16fad210b3b0
- SHA512
  
  7d114b688c5f11d9f33951374dd10fb3eaa5fa826c3aaa042f6ff78daf9b7c02cbd2096b891cffa0fe0e6a17a7881d282c6da1caaf62e3790589fb5978844352
- SSDEEP
  
  3072:HDgnEdPvIvxywNCQoVeEeZaL8QwtVg6C7619nc7BSQP47n/E5pNFZHO2e0QKlPu9:scA1Cdfe4oQwtVi+TWYQQ7n/gpNTdGL
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2