6a3697ba45761522d191206483b3a19af6a03e8e272d8dc518163d67782c2812 | Triage

Sharing

General

Target

6a3697ba45761522d191206483b3a19af6a03e8e272d8dc518163d67782c2812
Size

1.9MB
Sample

240906-mnbfqasbpa
MD5

0396cad90eb07681dc39e521ad18c814
SHA1

fa7b0e5dfc5ffe08e28468028c0142a334d87b7d
SHA256

6a3697ba45761522d191206483b3a19af6a03e8e272d8dc518163d67782c2812
SHA512

4615692c7fb1b46bd7bf2f19f41feca4862c7b20bd514cfd278bcb3a604646fa9c5f82405b049db776405178565525c192015e2502e05f31c20dc4db0a01233e
SSDEEP

49152:JjOSzOsDGqexF3KxiI29OeHl94qgO67dqNSM6SNW/VpMzgt36A:zzOsDZev8iI81gO6RqNS+NWftKA

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  Boadfjbrfv.exe
- Size
  
  2.1MB
- MD5
  
  82e3337010f8620d1da28eec70694e84
- SHA1
  
  be19dbdeaefbda911315a2a62f0e04f0089c328e
- SHA256
  
  316290598d3f5971b52d5ace2fc6e935ac0ed2414b70cbca765032c1b430d7cd
- SHA512
  
  e2f8877efa39048a8305963fb80d27d6e61fc47a5831a945b7458b66f65b6612dd7938203900525d116e8e64eba9f4a923b8ec1abd57c914e915caa4a979cc5f
- SSDEEP
  
  49152:qiBMwzOkD0qqHR5uxG+29QKnp9yqgk6Bbq/SAKUNW/VpMPSF3e:qYzOkDHq3oG+8Pgk6Jq/SCNWjFO
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence