General
-
Target
3c557b2a38f0f9b301289899d546d5b8
-
Size
258KB
-
Sample
231225-zpekzsbebm
-
MD5
3c557b2a38f0f9b301289899d546d5b8
-
SHA1
95366616c65bc693e1148ff3c8918a6243f12818
-
SHA256
d00d64a84b152981491917d85fbb37f7c0437d4c993cf853784a398e7e9126d6
-
SHA512
638e29fff7cddc088565005c5d21c7eaf6f94fc5c271d13429e60c7c81590ca4ea124cfdf7d0b92e8569a43ff87bc256c803f877b2cbe11a9c3adab7e256e034
-
SSDEEP
6144:ToerTIAXJGkD9ERl5Tj2HrrGwzBACNf7xW:ToerXokJERHSHXXz2CxxW
Static task
static1
Behavioral task
behavioral1
Sample
3c557b2a38f0f9b301289899d546d5b8.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3c557b2a38f0f9b301289899d546d5b8.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
3c557b2a38f0f9b301289899d546d5b8
Score
8/10
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1