aac774e4223a0d0b3af21a99c0a49789ed3763941dbb7f9cd6e3318273118704 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aac774e4223a0d0b3af21a99c0a49789ed3763941dbb7f9cd6e3318273118704
Size

152KB
Sample

221205-lfnkmsba8x
MD5

3fca3b9f06c26383937e85948b21db80
SHA1

aa382732456d268554509dc9c15125d704507e12
SHA256

aac774e4223a0d0b3af21a99c0a49789ed3763941dbb7f9cd6e3318273118704
SHA512

3c8374eaec01b5542c470d750f274d6f1fe5a821a03380afdaec59db34221ab3d57e4d800760d98f2a4a388885f4994dffbd48e7c103f052f570941cd05c5d58
SSDEEP

3072:xKs5eTGJ0f/SgH5t/fzq+ysxyTkfpO0XvyFMrdd:ws5eiJ0f/S2Bbq+ywikfp1XKKrn

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  aac774e4223a0d0b3af21a99c0a49789ed3763941dbb7f9cd6e3318273118704
- Size
  
  152KB
- MD5
  
  3fca3b9f06c26383937e85948b21db80
- SHA1
  
  aa382732456d268554509dc9c15125d704507e12
- SHA256
  
  aac774e4223a0d0b3af21a99c0a49789ed3763941dbb7f9cd6e3318273118704
- SHA512
  
  3c8374eaec01b5542c470d750f274d6f1fe5a821a03380afdaec59db34221ab3d57e4d800760d98f2a4a388885f4994dffbd48e7c103f052f570941cd05c5d58
- SSDEEP
  
  3072:xKs5eTGJ0f/SgH5t/fzq+ysxyTkfpO0XvyFMrdd:ws5eiJ0f/S2Bbq+ywikfp1XKKrn
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2