d366c9e2bb084a5fdd3aa464cbb02fe235098d0aa4833766570657dab929cc70 | Triage

Sharing

General

Target

d366c9e2bb084a5fdd3aa464cbb02fe235098d0aa4833766570657dab929cc70
Size

473KB
Sample

221201-vmnzesab83
MD5

c4b8c0c335867d17572c14663304a2ca
SHA1

0764bc43b71bcddb7a2cc793d5f0eaf861e4631c
SHA256

d366c9e2bb084a5fdd3aa464cbb02fe235098d0aa4833766570657dab929cc70
SHA512

72283b65b509c197b5d13909b5ee08aadf2c284f179414f1b2cf09aa5cf9858eaa3855c27bf63d88b663336a6f457beaa2eb746ffede80d45000be0e9832f614
SSDEEP

12288:gI9T62LFe4CyEs/FrqZv2T27XZSYHkvCUYSAMbl274r:g6T6cFwfqev2TIZSYHkvCkAMEsr

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  d366c9e2bb084a5fdd3aa464cbb02fe235098d0aa4833766570657dab929cc70
- Size
  
  473KB
- MD5
  
  c4b8c0c335867d17572c14663304a2ca
- SHA1
  
  0764bc43b71bcddb7a2cc793d5f0eaf861e4631c
- SHA256
  
  d366c9e2bb084a5fdd3aa464cbb02fe235098d0aa4833766570657dab929cc70
- SHA512
  
  72283b65b509c197b5d13909b5ee08aadf2c284f179414f1b2cf09aa5cf9858eaa3855c27bf63d88b663336a6f457beaa2eb746ffede80d45000be0e9832f614
- SSDEEP
  
  12288:gI9T62LFe4CyEs/FrqZv2T27XZSYHkvCUYSAMbl274r:g6T6cFwfqev2TIZSYHkvCkAMEsr
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence