218150c8d3e13fd5de782d48a45433b76d64a4f82feb9e4853543b1c8a9a1498 | Triage

Sharing

General

Target

218150c8d3e13fd5de782d48a45433b76d64a4f82feb9e4853543b1c8a9a1498
Size

1.3MB
Sample

230205-femztsgc57
MD5

21fc808d0840be3366ef79e5a15c51a4
SHA1

c9c3d63a7fa8f99766fb0560dd14a70e90e57c4a
SHA256

218150c8d3e13fd5de782d48a45433b76d64a4f82feb9e4853543b1c8a9a1498
SHA512

8a31f7f6a13ac29bab131af93908f76434457039d6be69158bbc7991bb73d5871fed2cb16ef68076ba614128fdeb73c30043f038cb4e2f41d1d311c2554361fa
SSDEEP

12288:X2hfjFNHUaymttZedE59j8fmVuXQ54jNg6QDloO7pe54ZHW4WASSxqHs9Enat0N+:QjDUaFbwWqW6H5QHWjiqH67V0AMwrdb

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  218150c8d3e13fd5de782d48a45433b76d64a4f82feb9e4853543b1c8a9a1498
- Size
  
  1.3MB
- MD5
  
  21fc808d0840be3366ef79e5a15c51a4
- SHA1
  
  c9c3d63a7fa8f99766fb0560dd14a70e90e57c4a
- SHA256
  
  218150c8d3e13fd5de782d48a45433b76d64a4f82feb9e4853543b1c8a9a1498
- SHA512
  
  8a31f7f6a13ac29bab131af93908f76434457039d6be69158bbc7991bb73d5871fed2cb16ef68076ba614128fdeb73c30043f038cb4e2f41d1d311c2554361fa
- SSDEEP
  
  12288:X2hfjFNHUaymttZedE59j8fmVuXQ54jNg6QDloO7pe54ZHW4WASSxqHs9Enat0N+:QjDUaFbwWqW6H5QHWjiqH67V0AMwrdb
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2