f704725317f9178058a2d38b1e618bb9148681f12b7f64f00993beda57103022 | Triage

Sharing

General

Target

f704725317f9178058a2d38b1e618bb9148681f12b7f64f00993beda57103022
Size

396KB
Sample

221204-pxcq9adh5t
MD5

47082688e95a6259501a16350f40eb7b
SHA1

a6aca327fb79cf04dcd4c8f7ef173fd17dc4500a
SHA256

f704725317f9178058a2d38b1e618bb9148681f12b7f64f00993beda57103022
SHA512

9147654443c9fdd798a57a61ead566c37a15d6df386bb3f6fe4dfbd7f88b651908bbc2dbe07a2d9e76a5a3c584c29f0562c189ada86b731e12923946f99d09be
SSDEEP

6144:O0KPMM1X5SgldM4wvsdyZoaDebg1C0S5a/TbxFRW5CKsUhTg4bI5ddLzScyp6hl6:jKPMMx5SEdXYj1W2T9HOg4wdwcn6

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  f704725317f9178058a2d38b1e618bb9148681f12b7f64f00993beda57103022
- Size
  
  396KB
- MD5
  
  47082688e95a6259501a16350f40eb7b
- SHA1
  
  a6aca327fb79cf04dcd4c8f7ef173fd17dc4500a
- SHA256
  
  f704725317f9178058a2d38b1e618bb9148681f12b7f64f00993beda57103022
- SHA512
  
  9147654443c9fdd798a57a61ead566c37a15d6df386bb3f6fe4dfbd7f88b651908bbc2dbe07a2d9e76a5a3c584c29f0562c189ada86b731e12923946f99d09be
- SSDEEP
  
  6144:O0KPMM1X5SgldM4wvsdyZoaDebg1C0S5a/TbxFRW5CKsUhTg4bI5ddLzScyp6hl6:jKPMMx5SEdXYj1W2T9HOg4wdwcn6
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence