ef9fb782de436f82adb1abb81451f6f936a758a443ecd56aee527beb675d4a3e | Triage

Sharing

General

Target

ef9fb782de436f82adb1abb81451f6f936a758a443ecd56aee527beb675d4a3e
Size

307KB
Sample

221203-djf1zahe92
MD5

b4b8da1e7dc36ef2c99c300db2a65bd0
SHA1

cb22398bce74743b86a99cb2cc58cc52fc801ade
SHA256

ef9fb782de436f82adb1abb81451f6f936a758a443ecd56aee527beb675d4a3e
SHA512

95cb8864ea954e83f72b54f03e432b1bc6c9820ae3345446ac1942113a84b6e70158f6dcc655469c16678253a7fa7f78c0bf71e5cb129265ea3b023511ffef71
SSDEEP

6144:IyGxr7rLrLrLrbrrrxB0pY4VE/RHn6OoGt+yKoUV7u6YhVdG+AbQuTsZR7i8ipxF:5Gxr7rLrLrLrbrrrxB0S4gn6iH0s7Pzb

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ef9fb782de436f82adb1abb81451f6f936a758a443ecd56aee527beb675d4a3e
- Size
  
  307KB
- MD5
  
  b4b8da1e7dc36ef2c99c300db2a65bd0
- SHA1
  
  cb22398bce74743b86a99cb2cc58cc52fc801ade
- SHA256
  
  ef9fb782de436f82adb1abb81451f6f936a758a443ecd56aee527beb675d4a3e
- SHA512
  
  95cb8864ea954e83f72b54f03e432b1bc6c9820ae3345446ac1942113a84b6e70158f6dcc655469c16678253a7fa7f78c0bf71e5cb129265ea3b023511ffef71
- SSDEEP
  
  6144:IyGxr7rLrLrLrbrrrxB0pY4VE/RHn6OoGt+yKoUV7u6YhVdG+AbQuTsZR7i8ipxF:5Gxr7rLrLrLrbrrrxB0S4gn6iH0s7Pzb
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2