4949f52e22a9364fa803a52683e413500507b9c720eef243a3f9bb982023d093 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4949f52e22a9364fa803a52683e413500507b9c720eef243a3f9bb982023d093
Size

3.3MB
Sample

240802-z4tcpa1akk
MD5

7709dc7c99df306d64651ce0e582e666
SHA1

84d3f1e6597ee4f5da021250590c758562279c75
SHA256

4949f52e22a9364fa803a52683e413500507b9c720eef243a3f9bb982023d093
SHA512

b2f1bffd881e49849009cd6d5e16f7fd18789b4c7e7cb8a3685e6af73e9d318c9c44aa4ba8b38df1a0dc4a0e1cfd064b885636065f3414c7d9719eb80ae9781a
SSDEEP

49152:Bdx56xYcIcuHcKAH2IgGXikE2I6wdD1weda4NVk4aZ2EG:Bd6x/IcuHcKAHfnEqwdDioa4NilG

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  4949f52e22a9364fa803a52683e413500507b9c720eef243a3f9bb982023d093
- Size
  
  3.3MB
- MD5
  
  7709dc7c99df306d64651ce0e582e666
- SHA1
  
  84d3f1e6597ee4f5da021250590c758562279c75
- SHA256
  
  4949f52e22a9364fa803a52683e413500507b9c720eef243a3f9bb982023d093
- SHA512
  
  b2f1bffd881e49849009cd6d5e16f7fd18789b4c7e7cb8a3685e6af73e9d318c9c44aa4ba8b38df1a0dc4a0e1cfd064b885636065f3414c7d9719eb80ae9781a
- SSDEEP
  
  49152:Bdx56xYcIcuHcKAH2IgGXikE2I6wdD1weda4NVk4aZ2EG:Bd6x/IcuHcKAHfnEqwdDioa4NilG
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2