57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b | Triage

Sharing

General

Target

57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b
Size

696KB
Sample

221201-fnae4afe85
MD5

bf88c6819a93885c3b04d531bbad9b11
SHA1

9cb7e9fee85c35cf7398919933f20e050b7de2b2
SHA256

57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b
SHA512

573d34d43da1bd14f21dd1d2bac5b7b58a5f564a73379f82b50403f14ba85d9f0f890c2e17bac0ba59afb28c8358d02d15f97ed6c2902825ae4f47b3165b7392
SSDEEP

12288:G9RAeTABv7wMZGR4quJtLzGM/hGIjoLYGY3PfrwYdrSTPoVhy875u:WAe+wM4R47Jl341LYf3Pj/QoLZo

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b
- Size
  
  696KB
- MD5
  
  bf88c6819a93885c3b04d531bbad9b11
- SHA1
  
  9cb7e9fee85c35cf7398919933f20e050b7de2b2
- SHA256
  
  57cfeba2275b4cd306c0c0ef4c70be26131a62b7a6136efb364fee14c0d3188b
- SHA512
  
  573d34d43da1bd14f21dd1d2bac5b7b58a5f564a73379f82b50403f14ba85d9f0f890c2e17bac0ba59afb28c8358d02d15f97ed6c2902825ae4f47b3165b7392
- SSDEEP
  
  12288:G9RAeTABv7wMZGR4quJtLzGM/hGIjoLYGY3PfrwYdrSTPoVhy875u:WAe+wM4R47Jl341LYf3Pj/QoLZo
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2