d5fac96ab929354283ac04357a822d41a7e84fbb97664d0711a269a16e491378 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6b09975818a47faf45c10fbba6addd0N
Size

3.2MB
Sample

240909-hz14aswgnl
MD5

a6b09975818a47faf45c10fbba6addd0
SHA1

49af3b6eb77a37bebfb7fcd26f7727de187c7ab4
SHA256

d5fac96ab929354283ac04357a822d41a7e84fbb97664d0711a269a16e491378
SHA512

dce3a7c0ff51f785753456ea2d0a39dc30cfd7a19e1ca8f180f8e5e8e875a58d214205fb87ab4b50742d5b6ca5ac15e03b88b3ec26c9b53fc3eac5f1e3296656
SSDEEP

49152:Bdx56xYcIcuHcKAH2IgGXikE2I6wdD1weda4NVk4adt:Bd6x/IcuHcKAHfnEqwdDioa4NYt

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a6b09975818a47faf45c10fbba6addd0N
- Size
  
  3.2MB
- MD5
  
  a6b09975818a47faf45c10fbba6addd0
- SHA1
  
  49af3b6eb77a37bebfb7fcd26f7727de187c7ab4
- SHA256
  
  d5fac96ab929354283ac04357a822d41a7e84fbb97664d0711a269a16e491378
- SHA512
  
  dce3a7c0ff51f785753456ea2d0a39dc30cfd7a19e1ca8f180f8e5e8e875a58d214205fb87ab4b50742d5b6ca5ac15e03b88b3ec26c9b53fc3eac5f1e3296656
- SSDEEP
  
  49152:Bdx56xYcIcuHcKAH2IgGXikE2I6wdD1weda4NVk4adt:Bd6x/IcuHcKAHfnEqwdDioa4NYt
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence