ebb4e2a012fb820124bedd8e75ecba043b506dfeedbf4e2d5b91c6a2c2821bb5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebb4e2a012fb820124bedd8e75ecba043b506dfeedbf4e2d5b91c6a2c2821bb5
Size

96KB
Sample

240812-edgwraybla
MD5

a2e5be295bc5c2b1901c5d831ed8e349
SHA1

efd0f28ffe4da67796e401a3bb1c3bfe0aa627b4
SHA256

ebb4e2a012fb820124bedd8e75ecba043b506dfeedbf4e2d5b91c6a2c2821bb5
SHA512

57584113b536bca6b0c2c5bb630db69ff23c50dc9bfb6cc65bc1add5b56b464b4faeb307df9433cf7ca2c4d71dabbbbe56bb7e8b58fdd87967bce9c638a6bf46
SSDEEP

1536:YnGzqaiNLzPSTRa+GI7TMGRzXDXQcJKmQ4qWv9H/BOmoCMy0QiLiizHNQNdq:YnG+aiN/qTRafIXRfPK94F5OmoCMyELP

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ebb4e2a012fb820124bedd8e75ecba043b506dfeedbf4e2d5b91c6a2c2821bb5
- Size
  
  96KB
- MD5
  
  a2e5be295bc5c2b1901c5d831ed8e349
- SHA1
  
  efd0f28ffe4da67796e401a3bb1c3bfe0aa627b4
- SHA256
  
  ebb4e2a012fb820124bedd8e75ecba043b506dfeedbf4e2d5b91c6a2c2821bb5
- SHA512
  
  57584113b536bca6b0c2c5bb630db69ff23c50dc9bfb6cc65bc1add5b56b464b4faeb307df9433cf7ca2c4d71dabbbbe56bb7e8b58fdd87967bce9c638a6bf46
- SSDEEP
  
  1536:YnGzqaiNLzPSTRa+GI7TMGRzXDXQcJKmQ4qWv9H/BOmoCMy0QiLiizHNQNdq:YnG+aiN/qTRafIXRfPK94F5OmoCMyELP
Score

10^/10

discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence