bbfb4f341a5561ec35cf8baa9c0f6389346929c81b8bbae9f044314f35c8993a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bbfb4f341a5561ec35cf8baa9c0f6389346929c81b8bbae9f044314f35c8993a
Size

100KB
Sample

221201-xa2qvshb79
MD5

502d5ace6795e8e6bf566e2774fc3506
SHA1

86e45b2cc05b0a3a71cd9d4aafed6b410debb0fe
SHA256

bbfb4f341a5561ec35cf8baa9c0f6389346929c81b8bbae9f044314f35c8993a
SHA512

12fc26203eed0c3e6728499de8760cf8e996b84a8b6e17612c3d9a3de6460e5d5ccf4b14a91198e1e2328ea0d9804c592d2584d4b8e9b016affc87f18fe6e1f1
SSDEEP

3072:QhlB1okNRNplvSDTFg3z62LiGNEaKZcA5gROOUtDz:KB1oiTKDTf2+BlPgyz

Score

7^/10

Malware Config

Targets

- Target
  
  bbfb4f341a5561ec35cf8baa9c0f6389346929c81b8bbae9f044314f35c8993a
- Size
  
  100KB
- MD5
  
  502d5ace6795e8e6bf566e2774fc3506
- SHA1
  
  86e45b2cc05b0a3a71cd9d4aafed6b410debb0fe
- SHA256
  
  bbfb4f341a5561ec35cf8baa9c0f6389346929c81b8bbae9f044314f35c8993a
- SHA512
  
  12fc26203eed0c3e6728499de8760cf8e996b84a8b6e17612c3d9a3de6460e5d5ccf4b14a91198e1e2328ea0d9804c592d2584d4b8e9b016affc87f18fe6e1f1
- SSDEEP
  
  3072:QhlB1okNRNplvSDTFg3z62LiGNEaKZcA5gROOUtDz:KB1oiTKDTf2+BlPgyz
Score

7^/10
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2