97f75c01b3bd6419561b65d7413f2a64b68405a2c35edd1618168246bccc2876 | Triage

Sharing

General

Target

97f75c01b3bd6419561b65d7413f2a64b68405a2c35edd1618168246bccc2876
Size

352KB
Sample

221202-xeef5age8t
MD5

6ce7b4bb39f7f0b449b2bc255b52aac1
SHA1

1bb5ededf96c740bac666fc93acfc9985b9763e7
SHA256

97f75c01b3bd6419561b65d7413f2a64b68405a2c35edd1618168246bccc2876
SHA512

a18586fcb23364c9889f31c87714989376745655c1c3c272314e4485c9cb6b68a9257ad41437511e8f7bf9af50181ca2f6fce58fb1eeba7a9ac356862623a52f
SSDEEP

6144:lvIgSMLwgkoK0zat8GzwzkIXfYnPY7gPNkoK0zat8GzwzkIXfYnPYDgqq:lQgS0wCK0qjIQnAslxK0qjIQnAkL

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  97f75c01b3bd6419561b65d7413f2a64b68405a2c35edd1618168246bccc2876
- Size
  
  352KB
- MD5
  
  6ce7b4bb39f7f0b449b2bc255b52aac1
- SHA1
  
  1bb5ededf96c740bac666fc93acfc9985b9763e7
- SHA256
  
  97f75c01b3bd6419561b65d7413f2a64b68405a2c35edd1618168246bccc2876
- SHA512
  
  a18586fcb23364c9889f31c87714989376745655c1c3c272314e4485c9cb6b68a9257ad41437511e8f7bf9af50181ca2f6fce58fb1eeba7a9ac356862623a52f
- SSDEEP
  
  6144:lvIgSMLwgkoK0zat8GzwzkIXfYnPY7gPNkoK0zat8GzwzkIXfYnPYDgqq:lQgS0wCK0qjIQnAslxK0qjIQnAkL
Score

10^/10

persistence upx
- Modifies system executable filetype association
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2