c09ecad3b54fa3374ca5b1fbdff5a562eb2b9bddaa42752712ec1bf125449fab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c09ecad3b54fa3374ca5b1fbdff5a562eb2b9bddaa42752712ec1bf125449fab
Size

126KB
Sample

221203-glq6hadg41
MD5

1a3dc0a0d81843a9f8612a9c21cf0360
SHA1

4c26e1886ddadfaece64541c077e85642bd5d8e9
SHA256

c09ecad3b54fa3374ca5b1fbdff5a562eb2b9bddaa42752712ec1bf125449fab
SHA512

3123e24333d437ff4bf97e46144125ce311ae05aff4dcd89d4138fa7ffa5f1d6c712541722077073131fbc043a09594da26230b687fdd5fea7897207c667974a
SSDEEP

3072:jDZAL6EgWBgUHAqHeD+hYFreeye43klfLczbwOoyP:iGE6UHJeD+hYFrebebFL

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  c09ecad3b54fa3374ca5b1fbdff5a562eb2b9bddaa42752712ec1bf125449fab
- Size
  
  126KB
- MD5
  
  1a3dc0a0d81843a9f8612a9c21cf0360
- SHA1
  
  4c26e1886ddadfaece64541c077e85642bd5d8e9
- SHA256
  
  c09ecad3b54fa3374ca5b1fbdff5a562eb2b9bddaa42752712ec1bf125449fab
- SHA512
  
  3123e24333d437ff4bf97e46144125ce311ae05aff4dcd89d4138fa7ffa5f1d6c712541722077073131fbc043a09594da26230b687fdd5fea7897207c667974a
- SSDEEP
  
  3072:jDZAL6EgWBgUHAqHeD+hYFreeye43klfLczbwOoyP:iGE6UHJeD+hYFrebebFL
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2