af69daa12d781d5f8453ee2a3d6791233feb5bc8d56991a9ef138a005698d74b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af69daa12d781d5f8453ee2a3d6791233feb5bc8d56991a9ef138a005698d74b
Size

159KB
Sample

240913-blm6yswclr
MD5

7099e752c0a782cdd9af80fe59510d92
SHA1

677497198fb6e7dc4122e81498de31748b23685d
SHA256

af69daa12d781d5f8453ee2a3d6791233feb5bc8d56991a9ef138a005698d74b
SHA512

b48337cce9e454c67b7d368a77a2accaad03b9caf73c4aba6caf07fdff4ee2fb33ad432c85c4e49bca441bfcabd610505cfad4551df84e63f083c819785db665
SSDEEP

3072:Sx1TajppFJN7hyH8He6am2iQPgpKoVjM3N9XZbcqZcquHRg:O1TaFpR7UIttrQGvC991c+cD

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  af69daa12d781d5f8453ee2a3d6791233feb5bc8d56991a9ef138a005698d74b
- Size
  
  159KB
- MD5
  
  7099e752c0a782cdd9af80fe59510d92
- SHA1
  
  677497198fb6e7dc4122e81498de31748b23685d
- SHA256
  
  af69daa12d781d5f8453ee2a3d6791233feb5bc8d56991a9ef138a005698d74b
- SHA512
  
  b48337cce9e454c67b7d368a77a2accaad03b9caf73c4aba6caf07fdff4ee2fb33ad432c85c4e49bca441bfcabd610505cfad4551df84e63f083c819785db665
- SSDEEP
  
  3072:Sx1TajppFJN7hyH8He6am2iQPgpKoVjM3N9XZbcqZcquHRg:O1TaFpR7UIttrQGvC991c+cD
Score

7^/10

discovery persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence