a3e9f1fd2e8c52822f2866d60365584ff5ad91db3d0c84f302acad495b49f5e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3e9f1fd2e8c52822f2866d60365584ff5ad91db3d0c84f302acad495b49f5e7
Size

53KB
Sample

221205-mam8csdh4x
MD5

05f2370ad0bd1c699496527021750b3a
SHA1

7d2d3c1c6c906f5d9b1d517d724bcc1796ed5954
SHA256

a3e9f1fd2e8c52822f2866d60365584ff5ad91db3d0c84f302acad495b49f5e7
SHA512

a35a1c941249a0dc066c9923f912ed51fb318a80d58e9ae7a84fa22dc99adb8fec85a5b0119cb9b80a067fbfd9a79f0616c80ca4c3915a5f92552fffe2a5d7ed
SSDEEP

1536:o7NYTMej9LHCkRXzUI+TO5hOZ9RnglO6y/uD:o7NYTM89LHPRXzUIL0DgI50

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  edu/linguistics/vocab/OnlineHelp.class
- Size
  
  2KB
- MD5
  
  c279615557d7a6a14530af2219e0e6eb
- SHA1
  
  6d44be086a69e46156577d05a5686b00295f3e9a
- SHA256
  
  5fe98081260e070fad70d259ad388ec564edf76d4944a79fda8d6b6ef4e8454d
- SHA512
  
  d29ca8f5e0f4b1225d2a53d00cb3cc3bcf6447874707c53ffc30bcba40a35a4c649b89bfd5712ca161b7559bc5e88180b5e8e45e862eaf9ebac89a138d19fb0d
Score

3^/10
behavioral1 behavioral2
- Target
  
  edu/linguistics/vocab/ProcessTimer$StudyThread.class
- Size
  
  1KB
- MD5
  
  e5e38f2950c7b067f122a7ceab5d2eaa
- SHA1
  
  cd985d3af7f9ae51557f39a3b6006d09c430e604
- SHA256
  
  8db87d493d1f25e32434a3ef5412c97f581350ef860a7a0cb8b4c4959471ad2c
- SHA512
  
  b54a48b7262108ffb7adb96b94747a7ceaa0c119d605501c361950ebb0c03c739009166c03d8f992569d8e725a2e2d3867bffd69af9e5d50b4fdd1ef7b4fb395
Score

3^/10
behavioral3 behavioral4
- Target
  
  edu/linguistics/vocab/ProcessTimer.class
- Size
  
  3KB
- MD5
  
  810d8d29adf3696f485ae531c8dedfd4
- SHA1
  
  be88ee0d208115e7173da7adb1c79a0ff4377373
- SHA256
  
  21685fb89047c8c85b709ff31cc2e72952fa8db8df6008729ace360005da6a62
- SHA512
  
  f83315cbeb3f191a033bb97191401d8b224934358fdb07d409072fbd8af07ab08e33c815fee5cfd8730f777b2184cfd85e0a967fc7f1b927eb458ee91ab3a28b
Score

3^/10
behavioral5 behavioral6
- Target
  
  edu/linguistics/vocab/Vocab.class
- Size
  
  2KB
- MD5
  
  5ce801a7e466e6dce5b0f2b1344e4a62
- SHA1
  
  7bcff601d5cd3d04eff224fd730958c994613245
- SHA256
  
  b82b71047857c235410c71ee1be80d9cf3dee66ffe2133e6f18ca77a2ba9a36c
- SHA512
  
  c8b20018ede5b77e2368c40cf2cb9fe9e62ad6140afcf8a1bb3b37a690e14f2c3ccf3e1b05217774d495015c5597aedffdabb81a5380c9e4594f51159818f723
Score

3^/10
behavioral7 behavioral8
- Target
  
  resources/chat.dat
- Size
  
  73KB
- MD5
  
  8e63c6b141e596c04cfcec5ef0254549
- SHA1
  
  02a0c6bc8f60ac5d67f59db3e537c9b432852faf
- SHA256
  
  c225fb7111d37a5713e78df6d8d9d630b526d91697dff03b44d6d8142f1db3f0
- SHA512
  
  dbd20170e6548e0177e522c8fc34cbaeeddef30fc1d48c2b438da997a7a1d3e601923372d07bb040cde9ec13c07a23f45c63f5bb9078b2aff5716ea7fb3330f7
- SSDEEP
  
  1536:uc09P4NQdSCCDAIScnMYVPqpX73FDHROYcsRZjTh5InV:uB9P4NQdu51UpXLFrROYlZjtcV
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10