8c6e0eda00e71795bfc4c46a2e2cc6c319d5e9af11c1fb70cdfd2780f5746888 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c6e0eda00e71795bfc4c46a2e2cc6c319d5e9af11c1fb70cdfd2780f5746888
Size

555KB
Sample

221206-3gn18sgf91
MD5

cb2fbd5dfe94f7ecfd01b8646ea34c60
SHA1

99abc3533940642ef9104aa53a461fd8f0dc1ee4
SHA256

8c6e0eda00e71795bfc4c46a2e2cc6c319d5e9af11c1fb70cdfd2780f5746888
SHA512

429943ef65c771c3a044181a3732b703ea969a215114aabdf090309f908a56869670988b00f1cbede8806931bc22193ca4ba03bb849b19f29fe4f67d903490eb
SSDEEP

12288:TVAD0ESLJUfKxFHIAZ9ts+3XELdq3I9nC:T00Z8KPoA32+kLdeF

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8c6e0eda00e71795bfc4c46a2e2cc6c319d5e9af11c1fb70cdfd2780f5746888
- Size
  
  555KB
- MD5
  
  cb2fbd5dfe94f7ecfd01b8646ea34c60
- SHA1
  
  99abc3533940642ef9104aa53a461fd8f0dc1ee4
- SHA256
  
  8c6e0eda00e71795bfc4c46a2e2cc6c319d5e9af11c1fb70cdfd2780f5746888
- SHA512
  
  429943ef65c771c3a044181a3732b703ea969a215114aabdf090309f908a56869670988b00f1cbede8806931bc22193ca4ba03bb849b19f29fe4f67d903490eb
- SSDEEP
  
  12288:TVAD0ESLJUfKxFHIAZ9ts+3XELdq3I9nC:T00Z8KPoA32+kLdeF
Score

8^/10

persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2