d8098edcea87b4803f14442aae9ebdc16a5eae6430848b1ee28aa7d95826960e | Triage

Sharing

General

Target

d8098edcea87b4803f14442aae9ebdc16a5eae6430848b1ee28aa7d95826960e
Size

156KB
Sample

221206-t91fashe8t
MD5

1f3cffb930241fe620060b048b68cc4c
SHA1

37f662caa8e0758610bc7954c70bea3fa982fd99
SHA256

d8098edcea87b4803f14442aae9ebdc16a5eae6430848b1ee28aa7d95826960e
SHA512

95f797af1fb096df1eb547a2a8fe1c8dd2548d097365b5603fb5ad412d59d7297a65109e2e773f7db5877461e940054120b72ae92ae549edf4493ef99aafd57f
SSDEEP

3072:NwymLQGkJyPw6DIh2xLI700akBYAxPbymLQGkST:0LQDJySh26780lLQDy

Score

8^/10

Malware Config

Targets

- Target
  
  d8098edcea87b4803f14442aae9ebdc16a5eae6430848b1ee28aa7d95826960e
- Size
  
  156KB
- MD5
  
  1f3cffb930241fe620060b048b68cc4c
- SHA1
  
  37f662caa8e0758610bc7954c70bea3fa982fd99
- SHA256
  
  d8098edcea87b4803f14442aae9ebdc16a5eae6430848b1ee28aa7d95826960e
- SHA512
  
  95f797af1fb096df1eb547a2a8fe1c8dd2548d097365b5603fb5ad412d59d7297a65109e2e773f7db5877461e940054120b72ae92ae549edf4493ef99aafd57f
- SSDEEP
  
  3072:NwymLQGkJyPw6DIh2xLI700akBYAxPbymLQGkST:0LQDJySh26780lLQDy
Score

8^/10
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2