General
-
Target
f7f089f7f7753da939649fe98a4d274e44b837a61b72d022897858e1998cc7c4
-
Size
1.2MB
-
Sample
240727-gs66astemg
-
MD5
a4c6a296a5b55a2858c0343d2c44490b
-
SHA1
01c57919f82cf0ec9683540735141302032ac070
-
SHA256
f7f089f7f7753da939649fe98a4d274e44b837a61b72d022897858e1998cc7c4
-
SHA512
0bd26eb1250c24b3b0ea5938c17d71dcf9b7467fc85588e8b13978e8d06aaa6e34dd276ebb67c4455e2a8db4458d487c8bde54c7a0cf4bed2e54a323194ef13f
-
SSDEEP
24576:PZbqxGFMhCGa7cQPHpk060aci6V20XH83oD1dEUu28KkzFu7biF8:RbqxGFMhCGa7cQkJciMvMXLFgbi2
Static task
static1
Behavioral task
behavioral1
Sample
f7f089f7f7753da939649fe98a4d274e44b837a61b72d022897858e1998cc7c4.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Target
f7f089f7f7753da939649fe98a4d274e44b837a61b72d022897858e1998cc7c4
-
Score
8/10
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Defense Evasion
Modify Registry
3
Subvert Trust Controls
1
Install Root Certificate
1