a6bb313be562d9e34b1467057c842f89a92c7c99d180b6361e9bdbd4b5cfffc7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6bb313be562d9e34b1467057c842f89a92c7c99d180b6361e9bdbd4b5cfffc7
Size

196KB
Sample

221204-ntqy2aae3s
MD5

113e0e2b9c4adc268f240f2c91630910
SHA1

2adc00f54b92098c70e2be1503ccf02059961a2e
SHA256

a6bb313be562d9e34b1467057c842f89a92c7c99d180b6361e9bdbd4b5cfffc7
SHA512

f574df66570943a8599800ee3d01271bee9c8cc51a54e4b0e63b8d8044b5b6e9d0dfa234e611750c2828196a9130e55db7cef69877ae285fce73980b6ada3bdc
SSDEEP

3072:TR0UuXS7iWvsYOlGQtFRGYTGiH8VLGCWgCror4UqITzGd0:TR0tXqvsYOlGQtFRsWkLGXY4Ub+e

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a6bb313be562d9e34b1467057c842f89a92c7c99d180b6361e9bdbd4b5cfffc7
- Size
  
  196KB
- MD5
  
  113e0e2b9c4adc268f240f2c91630910
- SHA1
  
  2adc00f54b92098c70e2be1503ccf02059961a2e
- SHA256
  
  a6bb313be562d9e34b1467057c842f89a92c7c99d180b6361e9bdbd4b5cfffc7
- SHA512
  
  f574df66570943a8599800ee3d01271bee9c8cc51a54e4b0e63b8d8044b5b6e9d0dfa234e611750c2828196a9130e55db7cef69877ae285fce73980b6ada3bdc
- SSDEEP
  
  3072:TR0UuXS7iWvsYOlGQtFRGYTGiH8VLGCWgCror4UqITzGd0:TR0tXqvsYOlGQtFRsWkLGXY4Ub+e
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2