e1bfbf2570a9f819b179e465cf8c8053f9e62d290571a3c6f768477e1044b0f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1bfbf2570a9f819b179e465cf8c8053f9e62d290571a3c6f768477e1044b0f5
Size

1.5MB
Sample

221204-q2csgshd4x
MD5

1efba2213430fdbc3fbf4003d22c8ae7
SHA1

f576752fbdef68ba2eb19fad2b96fc5bf5febe04
SHA256

e1bfbf2570a9f819b179e465cf8c8053f9e62d290571a3c6f768477e1044b0f5
SHA512

51555f3b838e47796a3098c8a42b4981ff6968154f07fab7b02860d3564de1546bfeb450217217aec3ec1a2d1a0f08e5cd366e80a12f766979abacc62bd88ea4
SSDEEP

49152:16IL+PrIXWFG0f4uLccgfwTmVj7RinVPaOhEX+:16eUF80QuLccQgFhE

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  e1bfbf2570a9f819b179e465cf8c8053f9e62d290571a3c6f768477e1044b0f5
- Size
  
  1.5MB
- MD5
  
  1efba2213430fdbc3fbf4003d22c8ae7
- SHA1
  
  f576752fbdef68ba2eb19fad2b96fc5bf5febe04
- SHA256
  
  e1bfbf2570a9f819b179e465cf8c8053f9e62d290571a3c6f768477e1044b0f5
- SHA512
  
  51555f3b838e47796a3098c8a42b4981ff6968154f07fab7b02860d3564de1546bfeb450217217aec3ec1a2d1a0f08e5cd366e80a12f766979abacc62bd88ea4
- SSDEEP
  
  49152:16IL+PrIXWFG0f4uLccgfwTmVj7RinVPaOhEX+:16eUF80QuLccQgFhE
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2