09bd4cbd6847f622d01ef56bd1f46d013a9a2ebf1b1c68ae79e6076d2f70e501 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f60864fc2363fc1a7c34df7b56e2796
Size

18KB
Sample

231225-jgdeysddam
MD5

0f60864fc2363fc1a7c34df7b56e2796
SHA1

c65cea2a3c6d783e54948d43356093448a3677f8
SHA256

09bd4cbd6847f622d01ef56bd1f46d013a9a2ebf1b1c68ae79e6076d2f70e501
SHA512

069fa9092484c6bb911200e42c281faf1fabd84a7550503dc2d32aee9df0ebd0932e8d8071090238a50ec997ddba73c79f155240445e4b8a3afb67b124cabd16
SSDEEP

384:rKifWQtnwOcw+weaGVmTBxutW6HVOQFFjSl3RO2LHcekZdpUIZ27CTJiQw7:JfltnLcDwNMmTBxgWMQ4SzOGHxkZdphu

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  www.policia.gov.co.operatividad.listado.paginas.webs.reportadas.como.fraudulentas.exe
- Size
  
  72KB
- MD5
  
  2065cd1d4d101b247817d854184dea3a
- SHA1
  
  7231bc5f325c2ec8cc907a5fc04406c1ebdaa10a
- SHA256
  
  5d8f19ae8a4bc85be32f6882efdfbaae8b0b2eac95749d78f6eebda9c35f2205
- SHA512
  
  feddebb3f5fed83a0dd81c390f434b107750891db22a6e8076a7d74c03b5b3e88197d8526559eefa949843fbbfb8b8ce6b363b9786b8af7135109c319dad9746
- SSDEEP
  
  768:2vugyQAW8kepUWGK25NV3DEpmt7/CQpp/SlRv0fF82Bv5drS4+vshEVvdR2PhY:2vvKWJepUtlSlRv062TV/8X2
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2