eaa54b0d012146423e4b9e8c04e0ce61c8c7aa16975b971dce08c7debd95c477 | Triage

Sharing

General

Target

eaa54b0d012146423e4b9e8c04e0ce61c8c7aa16975b971dce08c7debd95c477
Size

860KB
Sample

221203-dq98dsac26
MD5

fd9af1f548ee86a0d1704781aef89366
SHA1

907bb0e1e0dfe15f176d78f91f103673e2b8d88b
SHA256

eaa54b0d012146423e4b9e8c04e0ce61c8c7aa16975b971dce08c7debd95c477
SHA512

8b058ba203356408b11f520e6af4ef39fa2475dbd2e6cb0b07bce6d0063a48e5053d68c930e4dae870b46a82bc1725044eb874a73ef39b43d93691934a8a2360
SSDEEP

12288:sp+nBP0CM9etuZ8Z/QH38oe+o6MnDAxiNp6ZO9CKhJ/NtH2/YPLwNN2aS6:scnm99eLZ/QH38J+7aC69T2/ALmYa

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  eaa54b0d012146423e4b9e8c04e0ce61c8c7aa16975b971dce08c7debd95c477
- Size
  
  860KB
- MD5
  
  fd9af1f548ee86a0d1704781aef89366
- SHA1
  
  907bb0e1e0dfe15f176d78f91f103673e2b8d88b
- SHA256
  
  eaa54b0d012146423e4b9e8c04e0ce61c8c7aa16975b971dce08c7debd95c477
- SHA512
  
  8b058ba203356408b11f520e6af4ef39fa2475dbd2e6cb0b07bce6d0063a48e5053d68c930e4dae870b46a82bc1725044eb874a73ef39b43d93691934a8a2360
- SSDEEP
  
  12288:sp+nBP0CM9etuZ8Z/QH38oe+o6MnDAxiNp6ZO9CKhJ/NtH2/YPLwNN2aS6:scnm99eLZ/QH38J+7aC69T2/ALmYa
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence