958896a49209ce4e603f2a48ee18abc68a638e4b484f7bbe1dc23843c8c73e70 | Triage

Sharing

General

Target

958896a49209ce4e603f2a48ee18abc68a638e4b484f7bbe1dc23843c8c73e70
Size

223KB
Sample

221202-ad3q1ahd31
MD5

31f23079432a2dee3847362092e382d0
SHA1

ef2535abcdfd5004140b708ebf86dd65f0b1537a
SHA256

958896a49209ce4e603f2a48ee18abc68a638e4b484f7bbe1dc23843c8c73e70
SHA512

789a8273093864f48c8df70b84b08d3bcfab8ac577872127712def10d2f9068891ca76bde316c91108f8c651be0ce90a7c88c445997614f0c93ea274858af2a9
SSDEEP

3072:f1qAcg6NpGVh89Cg0RdXtK9r4U8zWyts:H+Gr89Cg0XXtAZ8v

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  958896a49209ce4e603f2a48ee18abc68a638e4b484f7bbe1dc23843c8c73e70
- Size
  
  223KB
- MD5
  
  31f23079432a2dee3847362092e382d0
- SHA1
  
  ef2535abcdfd5004140b708ebf86dd65f0b1537a
- SHA256
  
  958896a49209ce4e603f2a48ee18abc68a638e4b484f7bbe1dc23843c8c73e70
- SHA512
  
  789a8273093864f48c8df70b84b08d3bcfab8ac577872127712def10d2f9068891ca76bde316c91108f8c651be0ce90a7c88c445997614f0c93ea274858af2a9
- SSDEEP
  
  3072:f1qAcg6NpGVh89Cg0RdXtK9r4U8zWyts:H+Gr89Cg0XXtAZ8v
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2