d789e1f963e1ab8e9c2874083b18cdac5606c20363f3fe139b688bb220a06267 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d789e1f963e1ab8e9c2874083b18cdac5606c20363f3fe139b688bb220a06267
Size

38KB
Sample

221201-qt9ggscf37
MD5

bdceced029754c1c806c92af62d94681
SHA1

656430844b76df8ef3676851c598126a8777114e
SHA256

d789e1f963e1ab8e9c2874083b18cdac5606c20363f3fe139b688bb220a06267
SHA512

75aae01d412d5d1f6a0c786e988f7e0723eaa151b9d97f7474998196d9e6698590e14816502eb92cb7dd6066bc5926346a83fe066aea74c327b4041caa706653
SSDEEP

768:dpwz5Oo51rYr8sqTTOMM6MMMMMMMMM2k9c77777777777777777777777777777a:dW968sqTTOMM6MMMMMMMMM2k9c77777a

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  d789e1f963e1ab8e9c2874083b18cdac5606c20363f3fe139b688bb220a06267
- Size
  
  38KB
- MD5
  
  bdceced029754c1c806c92af62d94681
- SHA1
  
  656430844b76df8ef3676851c598126a8777114e
- SHA256
  
  d789e1f963e1ab8e9c2874083b18cdac5606c20363f3fe139b688bb220a06267
- SHA512
  
  75aae01d412d5d1f6a0c786e988f7e0723eaa151b9d97f7474998196d9e6698590e14816502eb92cb7dd6066bc5926346a83fe066aea74c327b4041caa706653
- SSDEEP
  
  768:dpwz5Oo51rYr8sqTTOMM6MMMMMMMMM2k9c77777777777777777777777777777a:dW968sqTTOMM6MMMMMMMMM2k9c77777a
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2