5e01dd802fc74b8dc0d9182757c2e97c04a8baba0dabd51df315d0047ce39d1e | Triage

Sharing

General

Target

b8f226bb939bc73c607cab61b9e3776b
Size

24KB
Sample

240307-rqr9gadc44
MD5

b8f226bb939bc73c607cab61b9e3776b
SHA1

bba149be1de9d1fc15ecf5f92b09e13b4af355d8
SHA256

5e01dd802fc74b8dc0d9182757c2e97c04a8baba0dabd51df315d0047ce39d1e
SHA512

7109388fb3eeeec9ed7f5a516b51ea91b9c96f1d6a2305b79885017029a1cfb61dfe9e08a742c5b70e8096837486f0a9b6d36ba4ec3e4aa52134a828f3e7c209
SSDEEP

384:ISA/WkFlVY4rr2DcbPy5tI4vAS1oUDDLYhHS5NXGayuxXfseiwo+WmIzAWg:g/WkZvX2DcbPmG4oODeiXneeg0E4

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b8f226bb939bc73c607cab61b9e3776b
- Size
  
  24KB
- MD5
  
  b8f226bb939bc73c607cab61b9e3776b
- SHA1
  
  bba149be1de9d1fc15ecf5f92b09e13b4af355d8
- SHA256
  
  5e01dd802fc74b8dc0d9182757c2e97c04a8baba0dabd51df315d0047ce39d1e
- SHA512
  
  7109388fb3eeeec9ed7f5a516b51ea91b9c96f1d6a2305b79885017029a1cfb61dfe9e08a742c5b70e8096837486f0a9b6d36ba4ec3e4aa52134a828f3e7c209
- SSDEEP
  
  384:ISA/WkFlVY4rr2DcbPy5tI4vAS1oUDDLYhHS5NXGayuxXfseiwo+WmIzAWg:g/WkZvX2DcbPmG4oODeiXneeg0E4
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2