b65535497fc9dce24c80acb8f1b980b9303ec6d228e25e2127ce91f69c7b39f5 | Triage

Sharing

General

Target

7edd163100f2652e4dcc1fb63338face
Size

918KB
Sample

240129-ewlmnabbbj
MD5

7edd163100f2652e4dcc1fb63338face
SHA1

1e2dcd36c3021e8d3aec655a6ace29c0512dc0aa
SHA256

b65535497fc9dce24c80acb8f1b980b9303ec6d228e25e2127ce91f69c7b39f5
SHA512

60482edebb4122807fc87259c1d7528355cf359498ed7d12848a7eb429684b7b2d2d30f4772484034761a29a0ba4f23282b8679d2006e3ede3c29ae47bf9e852
SSDEEP

24576:o7+q2YU//64ktxzdXkBsXPYm0kKK0gVVt:6+1Yo0Hzdum0kKtgp

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  7edd163100f2652e4dcc1fb63338face
- Size
  
  918KB
- MD5
  
  7edd163100f2652e4dcc1fb63338face
- SHA1
  
  1e2dcd36c3021e8d3aec655a6ace29c0512dc0aa
- SHA256
  
  b65535497fc9dce24c80acb8f1b980b9303ec6d228e25e2127ce91f69c7b39f5
- SHA512
  
  60482edebb4122807fc87259c1d7528355cf359498ed7d12848a7eb429684b7b2d2d30f4772484034761a29a0ba4f23282b8679d2006e3ede3c29ae47bf9e852
- SSDEEP
  
  24576:o7+q2YU//64ktxzdXkBsXPYm0kKK0gVVt:6+1Yo0Hzdum0kKtgp
Score

8^/10

evasion persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence