ff60ec24eec3e35a9fae62b387f4b6bd945dcacb0db96559718824ace302b3e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff60ec24eec3e35a9fae62b387f4b6bd945dcacb0db96559718824ace302b3e6
Size

276KB
Sample

221205-m6dnssgf3z
MD5

6cd4d58e2df0b6d543430f36b4591b78
SHA1

48cbe0cebb496911cb20df6dbe1aef9f8cc7575e
SHA256

ff60ec24eec3e35a9fae62b387f4b6bd945dcacb0db96559718824ace302b3e6
SHA512

9bb441687503b965ea7ef5583ce3f9e1cb28aa087d644af315d88a15ac6411f8891125eeb282a4723f5ca09c1e29a4449069132fc87cef756c29e141639c6d0a
SSDEEP

6144:O9VnIoCin4ymX5jGOiXxK0JwoDRyi8cbHMBo:crlT2SOiKoYiHt

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ff60ec24eec3e35a9fae62b387f4b6bd945dcacb0db96559718824ace302b3e6
- Size
  
  276KB
- MD5
  
  6cd4d58e2df0b6d543430f36b4591b78
- SHA1
  
  48cbe0cebb496911cb20df6dbe1aef9f8cc7575e
- SHA256
  
  ff60ec24eec3e35a9fae62b387f4b6bd945dcacb0db96559718824ace302b3e6
- SHA512
  
  9bb441687503b965ea7ef5583ce3f9e1cb28aa087d644af315d88a15ac6411f8891125eeb282a4723f5ca09c1e29a4449069132fc87cef756c29e141639c6d0a
- SSDEEP
  
  6144:O9VnIoCin4ymX5jGOiXxK0JwoDRyi8cbHMBo:crlT2SOiKoYiHt
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2