6960a3ae74f370068ad89c55e08ff8531362a152c8d05252ea357cbf24f8ef84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6960a3ae74f370068ad89c55e08ff8531362a152c8d05252ea357cbf24f8ef84
Size

177KB
Sample

221201-d8rtrseh5v
MD5

797506125e7c21b4583c6fe08dbd91c0
SHA1

7af0d4aaec6a58274c4efe98976ce97edb69782d
SHA256

6960a3ae74f370068ad89c55e08ff8531362a152c8d05252ea357cbf24f8ef84
SHA512

dd4b4ff8f3acdf6c26b64e0f016109d70a642ae0b5d31f55cd11b9a1cb68fd0d17691728c96aa525329bdec0eee890516e47cffc725210bde16036acedcf5dc1
SSDEEP

1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcq3zgOa8k4f57QrHixDmdnd:FW+1oS4l5OeuQdrmwvL8Eq4

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6960a3ae74f370068ad89c55e08ff8531362a152c8d05252ea357cbf24f8ef84
- Size
  
  177KB
- MD5
  
  797506125e7c21b4583c6fe08dbd91c0
- SHA1
  
  7af0d4aaec6a58274c4efe98976ce97edb69782d
- SHA256
  
  6960a3ae74f370068ad89c55e08ff8531362a152c8d05252ea357cbf24f8ef84
- SHA512
  
  dd4b4ff8f3acdf6c26b64e0f016109d70a642ae0b5d31f55cd11b9a1cb68fd0d17691728c96aa525329bdec0eee890516e47cffc725210bde16036acedcf5dc1
- SSDEEP
  
  1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcq3zgOa8k4f57QrHixDmdnd:FW+1oS4l5OeuQdrmwvL8Eq4
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2