618b66ebd98be503e3a0521f1f96a609d8338f800d65877f258ec6340023e287 | Triage

Sharing

General

Target

618b66ebd98be503e3a0521f1f96a609d8338f800d65877f258ec6340023e287
Size

321KB
Sample

221203-am6t1scc3y
MD5

fc272ce7fefc350db5727354e39dd423
SHA1

1327d500a09bc115b2b7caac85b1b74f06dc2ef8
SHA256

618b66ebd98be503e3a0521f1f96a609d8338f800d65877f258ec6340023e287
SHA512

d84c09f15b991e79c342ee4411f4137bb65ae9779d266680df841494ba5ceeb15d17d7fa3b2ca691322763d22a4d35b97c6f165779a65ddf0239c2fdfa321bec
SSDEEP

3072:lNQftfClRajNsEYXFBZU1HJAPCXjUeJs2raRLoO7mbD7R9nIxF+l6qFUT+aqNV40:lNatAaz68H0Kp24aX7Sp9nkF+oTuEjET

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  618b66ebd98be503e3a0521f1f96a609d8338f800d65877f258ec6340023e287
- Size
  
  321KB
- MD5
  
  fc272ce7fefc350db5727354e39dd423
- SHA1
  
  1327d500a09bc115b2b7caac85b1b74f06dc2ef8
- SHA256
  
  618b66ebd98be503e3a0521f1f96a609d8338f800d65877f258ec6340023e287
- SHA512
  
  d84c09f15b991e79c342ee4411f4137bb65ae9779d266680df841494ba5ceeb15d17d7fa3b2ca691322763d22a4d35b97c6f165779a65ddf0239c2fdfa321bec
- SSDEEP
  
  3072:lNQftfClRajNsEYXFBZU1HJAPCXjUeJs2raRLoO7mbD7R9nIxF+l6qFUT+aqNV40:lNatAaz68H0Kp24aX7Sp9nkF+oTuEjET
Score

8^/10

discovery persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2