6b12f75eb3395440b1b89e56667f1b242704f91690ec41d8d99da7e1bac02c6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a72352655981eeb2324c59058a84756
Size

272KB
Sample

231225-yx8y5afhfr
MD5

3a72352655981eeb2324c59058a84756
SHA1

640ed67eff07d982dea2c66f5688e2ff49d243aa
SHA256

6b12f75eb3395440b1b89e56667f1b242704f91690ec41d8d99da7e1bac02c6f
SHA512

e5e26c3f74d062a0ee07d96a4103f880ac0b8caf6a9b9e528e53bf7879c78d7c7149a7b7b7e9be25a13c1571e336d94591aee426693cde4c3c537ff84ecc4625
SSDEEP

6144:pSOMTgCpkHPjSqFvxYJ+rpJSk4rA/xEGWFZrx7N1ZzbB:pSOMTgFrSqFvxY8rpf4rAJxWLH1z

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3a72352655981eeb2324c59058a84756
- Size
  
  272KB
- MD5
  
  3a72352655981eeb2324c59058a84756
- SHA1
  
  640ed67eff07d982dea2c66f5688e2ff49d243aa
- SHA256
  
  6b12f75eb3395440b1b89e56667f1b242704f91690ec41d8d99da7e1bac02c6f
- SHA512
  
  e5e26c3f74d062a0ee07d96a4103f880ac0b8caf6a9b9e528e53bf7879c78d7c7149a7b7b7e9be25a13c1571e336d94591aee426693cde4c3c537ff84ecc4625
- SSDEEP
  
  6144:pSOMTgCpkHPjSqFvxYJ+rpJSk4rA/xEGWFZrx7N1ZzbB:pSOMTgFrSqFvxY8rpf4rAJxWLH1z
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2