432678f041469a9b272e976766151070cf5f3bb2690a6483098a48e6d292b339 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

432678f041469a9b272e976766151070cf5f3bb2690a6483098a48e6d292b339
Size

349KB
Sample

221203-am97fahb57
MD5

854c73794be88b55fcd054685b10ab05
SHA1

8c6f90e01426ff034872d249641cc424cc90f377
SHA256

432678f041469a9b272e976766151070cf5f3bb2690a6483098a48e6d292b339
SHA512

e0ba6048532ff9d7a4f023a615d13aed493163e9faa66ba6771e7b5e4707eaf86b61632543d398e96a73279cf01eaf61d96785e66a63cef0405f08937350e224
SSDEEP

6144:J2nrFsZwRUE++PJj1YdcU0wEupmAMWuNa:J+hx1tBcJMfa

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  432678f041469a9b272e976766151070cf5f3bb2690a6483098a48e6d292b339
- Size
  
  349KB
- MD5
  
  854c73794be88b55fcd054685b10ab05
- SHA1
  
  8c6f90e01426ff034872d249641cc424cc90f377
- SHA256
  
  432678f041469a9b272e976766151070cf5f3bb2690a6483098a48e6d292b339
- SHA512
  
  e0ba6048532ff9d7a4f023a615d13aed493163e9faa66ba6771e7b5e4707eaf86b61632543d398e96a73279cf01eaf61d96785e66a63cef0405f08937350e224
- SSDEEP
  
  6144:J2nrFsZwRUE++PJj1YdcU0wEupmAMWuNa:J+hx1tBcJMfa
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2