0633de45e5f3348221596d43f30f19e55ba300475ff288a198d3fdeecb9f1d03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_b21b6f6d7a94fc7fe8673456439252e4_snatch
Size

6.9MB
Sample

240606-ktyr4acb2x
MD5

b21b6f6d7a94fc7fe8673456439252e4
SHA1

83396190fb46ae0e2caa341e2a35a1333e2d1b79
SHA256

0633de45e5f3348221596d43f30f19e55ba300475ff288a198d3fdeecb9f1d03
SHA512

cd9ee4c2e991cfe311974c7f7c677f35e36f36427e321652c6e56fa84f86e0efb564761e02dc7a666a0ba1df2183ae928479dd5c11463362438c2d08fa155584
SSDEEP

98304:+Y5BVWmRONEz9ZmqXb8pAYEi0ks3E9fmOem6t:7YN69ZnEYyemu

Score

10^/10

execution persistence

Malware Config

Targets

- Target
  
  2024-06-06_b21b6f6d7a94fc7fe8673456439252e4_snatch
- Size
  
  6.9MB
- MD5
  
  b21b6f6d7a94fc7fe8673456439252e4
- SHA1
  
  83396190fb46ae0e2caa341e2a35a1333e2d1b79
- SHA256
  
  0633de45e5f3348221596d43f30f19e55ba300475ff288a198d3fdeecb9f1d03
- SHA512
  
  cd9ee4c2e991cfe311974c7f7c677f35e36f36427e321652c6e56fa84f86e0efb564761e02dc7a666a0ba1df2183ae928479dd5c11463362438c2d08fa155584
- SSDEEP
  
  98304:+Y5BVWmRONEz9ZmqXb8pAYEi0ks3E9fmOem6t:7YN69ZnEYyemu
Score

9^/10

execution persistence
- Detects executables referencing virtualization MAC addresses
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionpersistence