c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484 | Triage

Sharing

General

Target

c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484
Size

784KB
Sample

221203-gcp7vahf82
MD5

146a13a4c1735062c7e144f8a6aee6f3
SHA1

9a00f7e67196c436a4d9355007055982c24a90e7
SHA256

c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484
SHA512

b4a50c3b11af3f9f3d4944d456b11743ce96381f80d98061b850719a21d7d669261b4a9a394b91a1291053ace1b1b4446ecc5c45f048e534dfed20e8ae830710
SSDEEP

12288:GefX5bxGTsLvx/WvBLlmDLI/wA0qSniuMVGnmjKnRlgqdQ3QCNTI:GUX5dDFWLUkWqSnZMknmMIfr5I

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484
- Size
  
  784KB
- MD5
  
  146a13a4c1735062c7e144f8a6aee6f3
- SHA1
  
  9a00f7e67196c436a4d9355007055982c24a90e7
- SHA256
  
  c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484
- SHA512
  
  b4a50c3b11af3f9f3d4944d456b11743ce96381f80d98061b850719a21d7d669261b4a9a394b91a1291053ace1b1b4446ecc5c45f048e534dfed20e8ae830710
- SSDEEP
  
  12288:GefX5bxGTsLvx/WvBLlmDLI/wA0qSniuMVGnmjKnRlgqdQ3QCNTI:GUX5dDFWLUkWqSnZMknmMIfr5I
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2