General

  • Target: first_party_sets.db
  • Size: 48KB
  • Sample: 240523-bryjwagd4t
  • MD5: e52d9864a92d73cabb391df745e79d60
  • SHA1: acca54c8968c914d08821d88b3ef925ad084f8e3
  • SHA256: 72294439ea999709ae9574292116846bf946d640fde793e49deec4a2b3a23bb9
  • SHA512: fe4ed62a668ee3be1a9208e9d17a9b57b784c8f63ed47b6da6282de71c8415788b65a869f5938c3bd18ad945ae49feb32e45d38059b17f00296f8ab2330a2065
  • SSDEEP: 24:TLizU4/arHRH34kQrq+i7ZYZY5J+Qnj3k0rJXAeL3mkAD6W6Ivrr6UwBgfxnY:Te/IHRH34kWqB1kQnjhHmr6ITmUrxY

Malware Config

Targets


    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tactic                Technique                              ID          Count
Persistence           Boot or Logon Autostart Execution      T1547       1
Persistence           Registry Run Keys / Startup Folder     T1547.001   1
Privilege Escalation  Boot or Logon Autostart Execution      T1547       1
Privilege Escalation  Registry Run Keys / Startup Folder     T1547.001   1
Defense Evasion       Modify Registry                        T1112       1
Discovery             Query Registry                         T1012       4
Discovery             System Information Discovery           T1082       3
Command and Control   Web Service                            T1102       1

Tasks