aff770ca9c3f11e858d46027b5313e302bb3ebe1e970e886913f8619d2a52ee4 | Triage

Sharing

General

Target

aff770ca9c3f11e858d46027b5313e302bb3ebe1e970e886913f8619d2a52ee4
Size

345KB
Sample

221204-gea6psbd45
MD5

3573ae2f0fc7906647c4d5ae40ccf5ce
SHA1

3e96da3eac35005ad11a7790be33077820f4fb5b
SHA256

aff770ca9c3f11e858d46027b5313e302bb3ebe1e970e886913f8619d2a52ee4
SHA512

d5e88622ab7f72b46fb4af82947c34a901975b74caa9e28913a980424fe70b2d863ed39d3e78bc9ef9267e7f637f22f331341d405587ae1eeeaeef42c3ab9d1f
SSDEEP

6144:joKC4aGm1USwU9sllfoMKeUcrkqk2EmYqlVskmeHUt+J53VV/z55m+m8w:AHbwHLf9KedkoEmlzJUeFWCw

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  aff770ca9c3f11e858d46027b5313e302bb3ebe1e970e886913f8619d2a52ee4
- Size
  
  345KB
- MD5
  
  3573ae2f0fc7906647c4d5ae40ccf5ce
- SHA1
  
  3e96da3eac35005ad11a7790be33077820f4fb5b
- SHA256
  
  aff770ca9c3f11e858d46027b5313e302bb3ebe1e970e886913f8619d2a52ee4
- SHA512
  
  d5e88622ab7f72b46fb4af82947c34a901975b74caa9e28913a980424fe70b2d863ed39d3e78bc9ef9267e7f637f22f331341d405587ae1eeeaeef42c3ab9d1f
- SSDEEP
  
  6144:joKC4aGm1USwU9sllfoMKeUcrkqk2EmYqlVskmeHUt+J53VV/z55m+m8w:AHbwHLf9KedkoEmlzJUeFWCw
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2