25b3f2241a7fb8dc0c5babaa5e680c543e1def776c20805f0ef52ad589e8e455 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

003169683de0985f14db2f7e0f248101
Size

116KB
Sample

231229-wvxf7sgcak
MD5

003169683de0985f14db2f7e0f248101
SHA1

9cac9530305c62dc238f7d01418938ab790b6e83
SHA256

25b3f2241a7fb8dc0c5babaa5e680c543e1def776c20805f0ef52ad589e8e455
SHA512

b2f506d62ef920c4ef6347f684cf0aaa86c5b43927844e57be3ab583267f682c57a7a48079d5398a05787abf0e42ef9d8d7c838dfe18c3c08d85071e5b1181b7
SSDEEP

1536:RfKHMttZeCUaqerG6gJl5G43RRGnXryt9O+12lBPg7TzD3:QstKzR8rqlQ8z7

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  003169683de0985f14db2f7e0f248101
- Size
  
  116KB
- MD5
  
  003169683de0985f14db2f7e0f248101
- SHA1
  
  9cac9530305c62dc238f7d01418938ab790b6e83
- SHA256
  
  25b3f2241a7fb8dc0c5babaa5e680c543e1def776c20805f0ef52ad589e8e455
- SHA512
  
  b2f506d62ef920c4ef6347f684cf0aaa86c5b43927844e57be3ab583267f682c57a7a48079d5398a05787abf0e42ef9d8d7c838dfe18c3c08d85071e5b1181b7
- SSDEEP
  
  1536:RfKHMttZeCUaqerG6gJl5G43RRGnXryt9O+12lBPg7TzD3:QstKzR8rqlQ8z7
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2