b18e50f2581933b5afbf88dd7b4ceddcb6b0f0283fe82876a908191350f628a7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9fee676404cf901fd2eb69f7840fb07
Size

153KB
Sample

231228-1h43qsaber
MD5

f9fee676404cf901fd2eb69f7840fb07
SHA1

a3b24e14cccb214ff9028855cd309f05f27dac65
SHA256

b18e50f2581933b5afbf88dd7b4ceddcb6b0f0283fe82876a908191350f628a7
SHA512

a05d99fa00dd7df99d3f8701e4dadf733f5a10cd20e3f7a108c60f7e0e5b79f68f618e2e4949cb620d60871686b6c9f4ebe04b955d6d8298df8a2769da0cd6d1
SSDEEP

3072:TZeNJofUXhT6bmzKsB+c1pzJyW9uJTlXIDPHT2G:TcIsBPjuRXsr2

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  f9fee676404cf901fd2eb69f7840fb07
- Size
  
  153KB
- MD5
  
  f9fee676404cf901fd2eb69f7840fb07
- SHA1
  
  a3b24e14cccb214ff9028855cd309f05f27dac65
- SHA256
  
  b18e50f2581933b5afbf88dd7b4ceddcb6b0f0283fe82876a908191350f628a7
- SHA512
  
  a05d99fa00dd7df99d3f8701e4dadf733f5a10cd20e3f7a108c60f7e0e5b79f68f618e2e4949cb620d60871686b6c9f4ebe04b955d6d8298df8a2769da0cd6d1
- SSDEEP
  
  3072:TZeNJofUXhT6bmzKsB+c1pzJyW9uJTlXIDPHT2G:TcIsBPjuRXsr2
Score

7^/10

persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2