cef72a0521f02abcf4eeb38727a3f7cc2f21a1b9c3497dfeab5db2235286bd67 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cef72a0521f02abcf4eeb38727a3f7cc2f21a1b9c3497dfeab5db2235286bd67
Size

791KB
Sample

221203-py7m1sbe25
MD5

ed375c99f2e1f40b1a3d1968769275b0
SHA1

928c750eee8529659c35d96fef627d92cae51b06
SHA256

cef72a0521f02abcf4eeb38727a3f7cc2f21a1b9c3497dfeab5db2235286bd67
SHA512

263d8584c3d6d2c62c0bf26cfa660dbd2f14fed8bd8291db6de384b27df5d4f784b9a56efa8c7c882596f19813f97afe093b2ab2539dd91d759d9687d2fd04e3
SSDEEP

12288:viPHaQ4ePNhG9r1B3wecl59FjXbMX6rsW+1H/decS00BR9pTgbOyufAvw:q/aQ7jQYldQY6dOPZgbODfkw

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  cef72a0521f02abcf4eeb38727a3f7cc2f21a1b9c3497dfeab5db2235286bd67
- Size
  
  791KB
- MD5
  
  ed375c99f2e1f40b1a3d1968769275b0
- SHA1
  
  928c750eee8529659c35d96fef627d92cae51b06
- SHA256
  
  cef72a0521f02abcf4eeb38727a3f7cc2f21a1b9c3497dfeab5db2235286bd67
- SHA512
  
  263d8584c3d6d2c62c0bf26cfa660dbd2f14fed8bd8291db6de384b27df5d4f784b9a56efa8c7c882596f19813f97afe093b2ab2539dd91d759d9687d2fd04e3
- SSDEEP
  
  12288:viPHaQ4ePNhG9r1B3wecl59FjXbMX6rsW+1H/decS00BR9pTgbOyufAvw:q/aQ7jQYldQY6dOPZgbODfkw
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2