83eb9ef7877ee901287f7ea0871a35b3f1eb8daa583d4e8d79f76d6ad07aeeb2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83eb9ef7877ee901287f7ea0871a35b3f1eb8daa583d4e8d79f76d6ad07aeeb2
Size

194KB
Sample

221201-1y4rxaaa9t
MD5

ac75d46a6050461f68289fc6f84fad65
SHA1

0ca0fd8631507827673d6e19c65843c55c4badf9
SHA256

83eb9ef7877ee901287f7ea0871a35b3f1eb8daa583d4e8d79f76d6ad07aeeb2
SHA512

cdb245060e6909b27d2b6312a6878ec70bccabac14a48e9ed7f3a7af6d99d03fd28154c231ae903fb01b9ac205160ae6b5cb9934630d6d1f02fc3524a3b482a7
SSDEEP

3072:c7+qGHFerlhFRRLy2I2MMjo7MSzefQPYWNeEhH4iwzLwu7INUF2b5zXxxEbFpAH:y+7HFerH8v3dGQQWN5hyR4UFwzxExp

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  83eb9ef7877ee901287f7ea0871a35b3f1eb8daa583d4e8d79f76d6ad07aeeb2
- Size
  
  194KB
- MD5
  
  ac75d46a6050461f68289fc6f84fad65
- SHA1
  
  0ca0fd8631507827673d6e19c65843c55c4badf9
- SHA256
  
  83eb9ef7877ee901287f7ea0871a35b3f1eb8daa583d4e8d79f76d6ad07aeeb2
- SHA512
  
  cdb245060e6909b27d2b6312a6878ec70bccabac14a48e9ed7f3a7af6d99d03fd28154c231ae903fb01b9ac205160ae6b5cb9934630d6d1f02fc3524a3b482a7
- SSDEEP
  
  3072:c7+qGHFerlhFRRLy2I2MMjo7MSzefQPYWNeEhH4iwzLwu7INUF2b5zXxxEbFpAH:y+7HFerH8v3dGQQWN5hyR4UFwzxExp
Score

8^/10

discovery persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence