e727db9d24baa20a57122ecf4935dce6ee7e2f47b905bff66922cf124fdfdc8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b56344afe870ab14aeb6c2d136942ef
Size

137KB
Sample

231226-cg84asgac4
MD5

4b56344afe870ab14aeb6c2d136942ef
SHA1

91dea465ce8d4ed893058f9abfb617eb3d9209fa
SHA256

e727db9d24baa20a57122ecf4935dce6ee7e2f47b905bff66922cf124fdfdc8d
SHA512

6a3ec591cfb1fa124bf9637e44aaa12479e1e59d17596414843fdc248432cba5d6b83cbe2c87f325f16f21ddcd6f10b5974028d8e4f2fb58247d097ec9ccad83
SSDEEP

3072:3zSz6WhpyndlVVhnIktaibfe362Qa7RjIC6bD81+QZyyy4DI9Uc+:DSzadh1Db23fQwRjp0yy4MCc+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  4b56344afe870ab14aeb6c2d136942ef
- Size
  
  137KB
- MD5
  
  4b56344afe870ab14aeb6c2d136942ef
- SHA1
  
  91dea465ce8d4ed893058f9abfb617eb3d9209fa
- SHA256
  
  e727db9d24baa20a57122ecf4935dce6ee7e2f47b905bff66922cf124fdfdc8d
- SHA512
  
  6a3ec591cfb1fa124bf9637e44aaa12479e1e59d17596414843fdc248432cba5d6b83cbe2c87f325f16f21ddcd6f10b5974028d8e4f2fb58247d097ec9ccad83
- SSDEEP
  
  3072:3zSz6WhpyndlVVhnIktaibfe362Qa7RjIC6bD81+QZyyy4DI9Uc+:DSzadh1Db23fQwRjp0yy4MCc+
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2