27a5aed148032c973c7691d9cf3b0215ce14596f442eed2f7976c86cd4f182f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27a5aed148032c973c7691d9cf3b0215ce14596f442eed2f7976c86cd4f182f4
Size

138KB
Sample

221203-fnygxsfh48
MD5

0ab4826e23cc2f5f2e79f96aa00779d0
SHA1

ef84dcdbd1da4612b77ef6b7ea82202378f2beb4
SHA256

27a5aed148032c973c7691d9cf3b0215ce14596f442eed2f7976c86cd4f182f4
SHA512

d104dc0c0f2703c7927b8f20cbb3be47f1cb15bc3f248b6c8f5f1098213f60ac6b96557b31df47eab525fb3d3c370f124ae6c02b0ba949e3ea5d79e30771fc43
SSDEEP

3072:WHeJ9SLfJ2AB23d0frhyCUvnHeXsvJTni:PazJH2i9q/eXsB

Score

6^/10

Malware Config

Targets

- Target
  
  27a5aed148032c973c7691d9cf3b0215ce14596f442eed2f7976c86cd4f182f4
- Size
  
  138KB
- MD5
  
  0ab4826e23cc2f5f2e79f96aa00779d0
- SHA1
  
  ef84dcdbd1da4612b77ef6b7ea82202378f2beb4
- SHA256
  
  27a5aed148032c973c7691d9cf3b0215ce14596f442eed2f7976c86cd4f182f4
- SHA512
  
  d104dc0c0f2703c7927b8f20cbb3be47f1cb15bc3f248b6c8f5f1098213f60ac6b96557b31df47eab525fb3d3c370f124ae6c02b0ba949e3ea5d79e30771fc43
- SSDEEP
  
  3072:WHeJ9SLfJ2AB23d0frhyCUvnHeXsvJTni:PazJH2i9q/eXsB
Score

6^/10
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2