79e4d9441a7cef75238ceb7ded0fb18b3167541d6657beefbc013365736cd258 | Triage

Sharing

General

Target

5FOVExternal.rar
Size

4.4MB
Sample

240825-w339qaxgnh
MD5

437bd66b4161d0e53a9bcd091a8685d9
SHA1

f97236bbfd144ced21d6069d8d11cefa0cbe2290
SHA256

79e4d9441a7cef75238ceb7ded0fb18b3167541d6657beefbc013365736cd258
SHA512

990c3d5c0b2aa079ba78d7e8fef7fcc8fa47b83ec7317098ebe716c05bc12e1e289078a3babf50cb36058db1921f24ac215cb8c3a38446cacb32100785f31820
SSDEEP

98304:Ou7SC/KtE247mMcXp1qKZQnU19DqEID5jv+xjKmQSb:v7f/GE2gNcXdZ4LDHmdb

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  5FOV-Release.exe
- Size
  
  1.1MB
- MD5
  
  265ce24d394c77f43e36d6bbdcfec6c4
- SHA1
  
  9a6cec2a60016fd830729956f11665bec6f8da8c
- SHA256
  
  78ee03375ccaa26cbaaf80ff81713e3e98c573dfc1f3c0c87ba286863e980f5f
- SHA512
  
  f66b194d3b8c68310e62e3777e22f3bbc8d46b9da9e6a82460af1b8f245a5d048822b5f84d5b37b872f77e3c8adc3ab9efbf563e4f555e65c748226529870d70
- SSDEEP
  
  12288:U7yY1x8bUNCjB0AcKK8Rcyar+/DJtr+03UqJfagOmmfdMOD8fQE707I4:U7y+NdAcKK8q+bJtr+Q/O7iOwQ0G
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence