4fb8c1347c9e520c1a6d21540d1bd2453651038f44ed8eb24948f55a1d6ecd41 | Triage

Sharing

General

Target

NEAS.NEASNEAS4fb8c1347c9e520c1a6d21540d1bd2453651038f44ed8eb24948f55a1d6ecd41exeexeexe_JC.exe
Size

1.7MB
Sample

231013-t8g8bsbh31
MD5

d5b310c4152bc3bedbcb88d855377d77
SHA1

16c64f2dc8a3b97fa22c834f8cbb12de994cbf5a
SHA256

4fb8c1347c9e520c1a6d21540d1bd2453651038f44ed8eb24948f55a1d6ecd41
SHA512

3491010b479ca022671522a0d2c5d20621e7890e6de86f2eefc54ee145d4f027d421b409099c944e7a3afd9c672506b72bdb27ca28df2c10b07a91890b423577
SSDEEP

49152:T8mdIHWVogwK5/AXx1RPIf44B81jKn/VS5pXw6QY:T8mdIHW/JKyl+Fl5QY

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.NEASNEAS4fb8c1347c9e520c1a6d21540d1bd2453651038f44ed8eb24948f55a1d6ecd41exeexeexe_JC.exe
- Size
  
  1.7MB
- MD5
  
  d5b310c4152bc3bedbcb88d855377d77
- SHA1
  
  16c64f2dc8a3b97fa22c834f8cbb12de994cbf5a
- SHA256
  
  4fb8c1347c9e520c1a6d21540d1bd2453651038f44ed8eb24948f55a1d6ecd41
- SHA512
  
  3491010b479ca022671522a0d2c5d20621e7890e6de86f2eefc54ee145d4f027d421b409099c944e7a3afd9c672506b72bdb27ca28df2c10b07a91890b423577
- SSDEEP
  
  49152:T8mdIHWVogwK5/AXx1RPIf44B81jKn/VS5pXw6QY:T8mdIHW/JKyl+Fl5QY
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2