b2fbdd6c99d3763a0b4735a3e9aa47a1f9bf785c3012171218cc90493247932e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b2fbdd6c99d3763a0b4735a3e9aa47a1f9bf785c3012171218cc90493247932e
Size

325KB
Sample

221206-arw6dabd87
MD5

3ec1a9e77243d5f347e4d9975eedfabf
SHA1

d408cfb4f54d70391e50f88aebd8512b23ee81b5
SHA256

b2fbdd6c99d3763a0b4735a3e9aa47a1f9bf785c3012171218cc90493247932e
SHA512

36f0cbceb5d17fa44fd05506b730b43da502281c17b9a0b75eaeafdda9d61f3e162347493aa13181dbd1a448522972849de69d14a55c54bbbea24a645af9d93b
SSDEEP

6144:PSjqGdPuJWymSJPaxxrFiQbUyGO9wYscUi:P6qiByxPaLsWgODsQ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b2fbdd6c99d3763a0b4735a3e9aa47a1f9bf785c3012171218cc90493247932e
- Size
  
  325KB
- MD5
  
  3ec1a9e77243d5f347e4d9975eedfabf
- SHA1
  
  d408cfb4f54d70391e50f88aebd8512b23ee81b5
- SHA256
  
  b2fbdd6c99d3763a0b4735a3e9aa47a1f9bf785c3012171218cc90493247932e
- SHA512
  
  36f0cbceb5d17fa44fd05506b730b43da502281c17b9a0b75eaeafdda9d61f3e162347493aa13181dbd1a448522972849de69d14a55c54bbbea24a645af9d93b
- SSDEEP
  
  6144:PSjqGdPuJWymSJPaxxrFiQbUyGO9wYscUi:P6qiByxPaLsWgODsQ
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2