8d33e937be653c0416264c4bfcdde675618746e392fd5d72d7059ec4000e1209 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d33e937be653c0416264c4bfcdde675618746e392fd5d72d7059ec4000e1209
Size

38KB
Sample

221205-p5t1hafc41
MD5

0a9acf2df91bf9829b307b4c92f491bd
SHA1

1203692395da93f07c4deae49a051addd7cb40a1
SHA256

8d33e937be653c0416264c4bfcdde675618746e392fd5d72d7059ec4000e1209
SHA512

4cde75cd10a5a3a7436061ad67ed913ed704fca7fd6ff8258896cf26700aed45695f0294f763d9d835a98fcb9c2a24b2fecc78ad7b506e3b07c71be27dcb0039
SSDEEP

768:qZrumNmZiBaR6hz8cAwssQAEE7GvSLWXanqyoO0qoGcCw+zNcT868R8Z8s888m8b:qdNmZiBaR6hz8cAwssQAEE7GvSLWXanV

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8d33e937be653c0416264c4bfcdde675618746e392fd5d72d7059ec4000e1209
- Size
  
  38KB
- MD5
  
  0a9acf2df91bf9829b307b4c92f491bd
- SHA1
  
  1203692395da93f07c4deae49a051addd7cb40a1
- SHA256
  
  8d33e937be653c0416264c4bfcdde675618746e392fd5d72d7059ec4000e1209
- SHA512
  
  4cde75cd10a5a3a7436061ad67ed913ed704fca7fd6ff8258896cf26700aed45695f0294f763d9d835a98fcb9c2a24b2fecc78ad7b506e3b07c71be27dcb0039
- SSDEEP
  
  768:qZrumNmZiBaR6hz8cAwssQAEE7GvSLWXanqyoO0qoGcCw+zNcT868R8Z8s888m8b:qdNmZiBaR6hz8cAwssQAEE7GvSLWXanV
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2