89bb2a6bc5ed25aec463f62164ad4124c8e9eea948d144863be3ae39f0e3da04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89bb2a6bc5ed25aec463f62164ad4124c8e9eea948d144863be3ae39f0e3da04
Size

164KB
Sample

221206-av8zcaed8w
MD5

a72cbc2a6891346745e00d3bb105b403
SHA1

310ca39a07c2d0e952de79bd1d2d7a812b33ad21
SHA256

89bb2a6bc5ed25aec463f62164ad4124c8e9eea948d144863be3ae39f0e3da04
SHA512

5c3c4a76472320af87b0e3566c6d6df63c90af509b5c2daa69b76f4fb37071b5e99c736130c245340e3fba6980b3ef1964a4ae59183db55fa03371847b656023
SSDEEP

3072:2dP0S9ogy9eWlHYKyefI0RzRD9s5csmRw7EYRBB5xs:y0SZy9e6YKyKRzRZyc5Rw7Z7B5m

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  89bb2a6bc5ed25aec463f62164ad4124c8e9eea948d144863be3ae39f0e3da04
- Size
  
  164KB
- MD5
  
  a72cbc2a6891346745e00d3bb105b403
- SHA1
  
  310ca39a07c2d0e952de79bd1d2d7a812b33ad21
- SHA256
  
  89bb2a6bc5ed25aec463f62164ad4124c8e9eea948d144863be3ae39f0e3da04
- SHA512
  
  5c3c4a76472320af87b0e3566c6d6df63c90af509b5c2daa69b76f4fb37071b5e99c736130c245340e3fba6980b3ef1964a4ae59183db55fa03371847b656023
- SSDEEP
  
  3072:2dP0S9ogy9eWlHYKyefI0RzRD9s5csmRw7EYRBB5xs:y0SZy9e6YKyKRzRZyc5Rw7Z7B5m
Score

8^/10

persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2