e1b364eae5f33da2145fce7960de4bf426980fbeb7411ebd7670f4871d2d40ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

iX8fX0qb.exe
Size

577KB
Sample

231024-gvmvfaba7s
MD5

f48351d6ee642f4326f80587f9f6dd5b
SHA1

7646e2a15d0e878eb99156f25d785baed488f19a
SHA256

e1b364eae5f33da2145fce7960de4bf426980fbeb7411ebd7670f4871d2d40ea
SHA512

1e49895ad3b452754d4f176b105cad4aced4d62fa548b5d2d755e59eeff44ef3dc6033db07e049c1e1e3907695090fbc0cf5c01bccad07cdede596ed16553f66
SSDEEP

12288:JMrCy905FRfrjj22+5Wur7VMcdgyImohvKqsiyYItOdhZIJWKOVzmlf:PysR/6Wur7KUg9N5hsij4CZIJAz+f

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  iX8fX0qb.exe
- Size
  
  577KB
- MD5
  
  f48351d6ee642f4326f80587f9f6dd5b
- SHA1
  
  7646e2a15d0e878eb99156f25d785baed488f19a
- SHA256
  
  e1b364eae5f33da2145fce7960de4bf426980fbeb7411ebd7670f4871d2d40ea
- SHA512
  
  1e49895ad3b452754d4f176b105cad4aced4d62fa548b5d2d755e59eeff44ef3dc6033db07e049c1e1e3907695090fbc0cf5c01bccad07cdede596ed16553f66
- SSDEEP
  
  12288:JMrCy905FRfrjj22+5Wur7VMcdgyImohvKqsiyYItOdhZIJWKOVzmlf:PysR/6Wur7KUg9N5hsij4CZIJAz+f
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2