9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9 | Triage

Sharing

General

Target

9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9
Size

5.1MB
Sample

240919-ehn6mazfkj
MD5

72e360d64d4060a1f18117e88d7feb3f
SHA1

b8f79a39c1703ddecea07eac4cad1712ac8240bc
SHA256

9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9
SHA512

14eff0cb155603348d0e807ea947d66dd6c88cb2935c7bc1062d5fa9258e70276ef81d4208d21945ede4727edd67ce816e01bcd254f997f2f1119898fdff16c5
SSDEEP

98304:Q/pgQ/DPHrxVSOAzJCYMC20Nw1M72/zlU+FbSQ31PNGUyointu:Apgybrx8OA1MCT6272/5U+hN7ktu

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9
- Size
  
  5.1MB
- MD5
  
  72e360d64d4060a1f18117e88d7feb3f
- SHA1
  
  b8f79a39c1703ddecea07eac4cad1712ac8240bc
- SHA256
  
  9419ec3be217809bc01f1c9e2b54cede02aec72f3fc513aff51414b9e63851b9
- SHA512
  
  14eff0cb155603348d0e807ea947d66dd6c88cb2935c7bc1062d5fa9258e70276ef81d4208d21945ede4727edd67ce816e01bcd254f997f2f1119898fdff16c5
- SSDEEP
  
  98304:Q/pgQ/DPHrxVSOAzJCYMC20Nw1M72/zlU+FbSQ31PNGUyointu:Apgybrx8OA1MCT6272/5U+hN7ktu
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence