19bbbe3c06aa6a6940fbf4c971193eae81367a85695f029219a017f02af27534 | Triage

Sharing

General

Target

a40d521687543ade199a9960bae3b821
Size

34KB
Sample

240225-r4q9bsea44
MD5

a40d521687543ade199a9960bae3b821
SHA1

cb548e67b03204403da4bf82cf3c2dc58df35302
SHA256

19bbbe3c06aa6a6940fbf4c971193eae81367a85695f029219a017f02af27534
SHA512

d242ab1b09141e662ed9595c73e5658298d3e969254429a19b61dbfd7bcf61876fb7677d5649fdfffd3cb2dcbc74789e76d8b95b88aec8d5ba4d086fe66bdd96
SSDEEP

768:UbWMezBoePQ2nl+sftNZZ4DIjpD1ywVneyMoXmFNT3KW9Gg:L/Boy+sfthdjpowVJMoXmFR6W9x

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a40d521687543ade199a9960bae3b821
- Size
  
  34KB
- MD5
  
  a40d521687543ade199a9960bae3b821
- SHA1
  
  cb548e67b03204403da4bf82cf3c2dc58df35302
- SHA256
  
  19bbbe3c06aa6a6940fbf4c971193eae81367a85695f029219a017f02af27534
- SHA512
  
  d242ab1b09141e662ed9595c73e5658298d3e969254429a19b61dbfd7bcf61876fb7677d5649fdfffd3cb2dcbc74789e76d8b95b88aec8d5ba4d086fe66bdd96
- SSDEEP
  
  768:UbWMezBoePQ2nl+sftNZZ4DIjpD1ywVneyMoXmFNT3KW9Gg:L/Boy+sfthdjpowVJMoXmFR6W9x
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2