d1c52f500fe620d450a48ea562726d7f8e6e0d400a7c0bc7d24c62d40c2b78f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1c52f500fe620d450a48ea562726d7f8e6e0d400a7c0bc7d24c62d40c2b78f3
Size

132KB
Sample

221203-pqb65saf82
MD5

2f971baf0a759d1d4553836e8400ff4d
SHA1

050403629a08b7d7b11057aeb4d81dcaac3d8fbb
SHA256

d1c52f500fe620d450a48ea562726d7f8e6e0d400a7c0bc7d24c62d40c2b78f3
SHA512

b945f56a35459a18a67ef1b10b6c3edd506917c0ef0c1781cf974fb84b50299a061dc60612cb7c647b7cfa94d8bca64ae982d4f13a5ef79d81feb599a26172e0
SSDEEP

3072:9hA3bL1N6ctwR1tCiANhTEe+Yx4zHX8OWbyHpfc:Tob896hTEe+oiXri

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  d1c52f500fe620d450a48ea562726d7f8e6e0d400a7c0bc7d24c62d40c2b78f3
- Size
  
  132KB
- MD5
  
  2f971baf0a759d1d4553836e8400ff4d
- SHA1
  
  050403629a08b7d7b11057aeb4d81dcaac3d8fbb
- SHA256
  
  d1c52f500fe620d450a48ea562726d7f8e6e0d400a7c0bc7d24c62d40c2b78f3
- SHA512
  
  b945f56a35459a18a67ef1b10b6c3edd506917c0ef0c1781cf974fb84b50299a061dc60612cb7c647b7cfa94d8bca64ae982d4f13a5ef79d81feb599a26172e0
- SSDEEP
  
  3072:9hA3bL1N6ctwR1tCiANhTEe+Yx4zHX8OWbyHpfc:Tob896hTEe+oiXri
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2