94f68ba4c731a5d7bdcd26767e3fc33cdea45ef545ed805843a9b8b56f501bc3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94f68ba4c731a5d7bdcd26767e3fc33cdea45ef545ed805843a9b8b56f501bc3
Size

144KB
Sample

221202-29xy6sdf49
MD5

4b0ad02140d767cdba788d0498071564
SHA1

743fb7f57a20851932cc96f874f5dc7ba32c0e64
SHA256

94f68ba4c731a5d7bdcd26767e3fc33cdea45ef545ed805843a9b8b56f501bc3
SHA512

b596681c3cd695a46d182c0680b2d73f15873afc922ac4625965d058d95a60bc1c15e23da452f32c398beabc936d40f19bdaad5e2f4cd5deb9fd5743b8679881
SSDEEP

3072:OYcrNcvYtEo5TovZ4lNex8gJFY5txJvVbJefS:AqBYToHItHvzoS

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  94f68ba4c731a5d7bdcd26767e3fc33cdea45ef545ed805843a9b8b56f501bc3
- Size
  
  144KB
- MD5
  
  4b0ad02140d767cdba788d0498071564
- SHA1
  
  743fb7f57a20851932cc96f874f5dc7ba32c0e64
- SHA256
  
  94f68ba4c731a5d7bdcd26767e3fc33cdea45ef545ed805843a9b8b56f501bc3
- SHA512
  
  b596681c3cd695a46d182c0680b2d73f15873afc922ac4625965d058d95a60bc1c15e23da452f32c398beabc936d40f19bdaad5e2f4cd5deb9fd5743b8679881
- SSDEEP
  
  3072:OYcrNcvYtEo5TovZ4lNex8gJFY5txJvVbJefS:AqBYToHItHvzoS
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2