aff0e193afe200da4fd365d287ac23a3a12d31f8ec3671d76addc7060497d4ec | Triage

Sharing

General

Target

aff0e193afe200da4fd365d287ac23a3a12d31f8ec3671d76addc7060497d4ec
Size

215KB
Sample

240507-apmh6aaa5v
MD5

6ba1e887e74ab60f7cb3c70cbc00e638
SHA1

f770d2fd8c8b642f1b8a20a6d47a04f47d7318dd
SHA256

aff0e193afe200da4fd365d287ac23a3a12d31f8ec3671d76addc7060497d4ec
SHA512

d0797bcf3a9c3257253ac4b5f161b81e7ab16506f003ac59801a0974f043d0dd7046690eb3d4de452a5cdd6f550a11b9e6d7662290576596c4de09c604f54d08
SSDEEP

6144:/14RzUNsYN1B9nX9Ud9HMv5B2iq7CANYwJqX0445KNGUsB0pdhyGE6o7QH6WJGpn:/8zCsYBcDB

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  aff0e193afe200da4fd365d287ac23a3a12d31f8ec3671d76addc7060497d4ec
- Size
  
  215KB
- MD5
  
  6ba1e887e74ab60f7cb3c70cbc00e638
- SHA1
  
  f770d2fd8c8b642f1b8a20a6d47a04f47d7318dd
- SHA256
  
  aff0e193afe200da4fd365d287ac23a3a12d31f8ec3671d76addc7060497d4ec
- SHA512
  
  d0797bcf3a9c3257253ac4b5f161b81e7ab16506f003ac59801a0974f043d0dd7046690eb3d4de452a5cdd6f550a11b9e6d7662290576596c4de09c604f54d08
- SSDEEP
  
  6144:/14RzUNsYN1B9nX9Ud9HMv5B2iq7CANYwJqX0445KNGUsB0pdhyGE6o7QH6WJGpn:/8zCsYBcDB
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2