804cc7d77d9f53cb587416241aa89767149ce823093f2d138acf32b873f750ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

804cc7d77d9f53cb587416241aa89767149ce823093f2d138acf32b873f750ec
Size

1.5MB
Sample

221201-cyyc5aba71
MD5

460a2feebbd8cc47d74be47addbcd795
SHA1

41b8cfa4ff87ca04a921c332501f5ca3f6fcec80
SHA256

804cc7d77d9f53cb587416241aa89767149ce823093f2d138acf32b873f750ec
SHA512

c351fc99b822864443b5f4c07af1c277d75449312b31c52908cbcf0dba75d4b76533d54b30f0a4c4f9b0afa9dceee2640d3e707cc1c56d5912b9edf40801269a
SSDEEP

12288:RZ5d+2GI8zw64vyhPDNgfo+5d653ySz5bpM3QBNNUOUVYysQB8Fo2yh36rF8y8MJ:/B8zw64vyhPDNgf7diyFUOYVCDDGIN

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  804cc7d77d9f53cb587416241aa89767149ce823093f2d138acf32b873f750ec
- Size
  
  1.5MB
- MD5
  
  460a2feebbd8cc47d74be47addbcd795
- SHA1
  
  41b8cfa4ff87ca04a921c332501f5ca3f6fcec80
- SHA256
  
  804cc7d77d9f53cb587416241aa89767149ce823093f2d138acf32b873f750ec
- SHA512
  
  c351fc99b822864443b5f4c07af1c277d75449312b31c52908cbcf0dba75d4b76533d54b30f0a4c4f9b0afa9dceee2640d3e707cc1c56d5912b9edf40801269a
- SSDEEP
  
  12288:RZ5d+2GI8zw64vyhPDNgfo+5d653ySz5bpM3QBNNUOUVYysQB8Fo2yh36rF8y8MJ:/B8zw64vyhPDNgf7diyFUOYVCDDGIN
Score

7^/10

persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2