2755254040f0f34ace3a946b775e1feb1aaa30c3864e0a75234c33c818812af7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a29d82ada18a592.exe
Size

47.9MB
Sample

240502-q6fpyacc98
MD5

1a885b119af9ad5a0f21d7a4f1ff9f3a
SHA1

4b7db1ae9c7729da938a158f88f4b51a5c6b5ba9
SHA256

2755254040f0f34ace3a946b775e1feb1aaa30c3864e0a75234c33c818812af7
SHA512

6c72986c4f1c375a21d28549747e8d7bef72f92a8dee0576a5734f4a62cf0dd335da9afb2dd65a0c4b5f1196179db096d3fe2c28185c30317694580b59e439f5
SSDEEP

786432:0PeZGq4n/36w/jcAoKKT4jjb7MbjK+T3E8TOvur1DErzbglJg/3djt+R7j7R3rm:SfqO/1wgK0jHiK+TnSQSrH/N67jl

Score

8^/10

Malware Config

Targets

- Target
  
  5a29d82ada18a592.exe
- Size
  
  47.9MB
- MD5
  
  1a885b119af9ad5a0f21d7a4f1ff9f3a
- SHA1
  
  4b7db1ae9c7729da938a158f88f4b51a5c6b5ba9
- SHA256
  
  2755254040f0f34ace3a946b775e1feb1aaa30c3864e0a75234c33c818812af7
- SHA512
  
  6c72986c4f1c375a21d28549747e8d7bef72f92a8dee0576a5734f4a62cf0dd335da9afb2dd65a0c4b5f1196179db096d3fe2c28185c30317694580b59e439f5
- SSDEEP
  
  786432:0PeZGq4n/36w/jcAoKKT4jjb7MbjK+T3E8TOvur1DErzbglJg/3djt+R7j7R3rm:SfqO/1wgK0jHiK+TnSQSrH/N67jl
Score

8^/10
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2