f8c5e8fbf1864feb6f042da4b53d9b3e9bf97a34f73296defa4cab668f4e6dcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8c5e8fbf1864feb6f042da4b53d9b3e9bf97a34f73296defa4cab668f4e6dcd
Size

299KB
Sample

221203-c42bzabd5y
MD5

5955355a06625d8df08b9f2bbefe8390
SHA1

f846dfe615abd9fc770f676b7393e672d46426dd
SHA256

f8c5e8fbf1864feb6f042da4b53d9b3e9bf97a34f73296defa4cab668f4e6dcd
SHA512

d76bdf65a3709aacba7a37766241e07674ea4105eb2ab927494a68dbb868cd574aa0bee981dd2b9d1392873b85cfa42fdd0742ecc0f02f7d52876813a7b21650
SSDEEP

6144:59uRpdCXrnkp1W8t/88VKDnabi4CE4s0cvL+rWQMF8Y8J3Q4dS/:QpOrYM8t/88eab5CEd0cvLXHuhJ3tS/

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f8c5e8fbf1864feb6f042da4b53d9b3e9bf97a34f73296defa4cab668f4e6dcd
- Size
  
  299KB
- MD5
  
  5955355a06625d8df08b9f2bbefe8390
- SHA1
  
  f846dfe615abd9fc770f676b7393e672d46426dd
- SHA256
  
  f8c5e8fbf1864feb6f042da4b53d9b3e9bf97a34f73296defa4cab668f4e6dcd
- SHA512
  
  d76bdf65a3709aacba7a37766241e07674ea4105eb2ab927494a68dbb868cd574aa0bee981dd2b9d1392873b85cfa42fdd0742ecc0f02f7d52876813a7b21650
- SSDEEP
  
  6144:59uRpdCXrnkp1W8t/88VKDnabi4CE4s0cvL+rWQMF8Y8J3Q4dS/:QpOrYM8t/88eab5CEd0cvLXHuhJ3tS/
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2