c284d1179a3a94398675fa702482ad196a06c8bbde7bcd1dc12af65d4c63c702 | Triage

Sharing

General

Target

c284d1179a3a94398675fa702482ad196a06c8bbde7bcd1dc12af65d4c63c702
Size

16KB
Sample

241014-dxjn1sxcke
MD5

0abb0a370539efc06f2858e2d752aa0f
SHA1

abfc61b974c76340715e4ae3b44b969333bf2975
SHA256

c284d1179a3a94398675fa702482ad196a06c8bbde7bcd1dc12af65d4c63c702
SHA512

470e502dfb1e9df6fd76c334eaddfecff0d81798d2bf143e6b9879d61d8352cad30d9d97fe5eb85e9c44b076eff4d82345755906410cb3c9a8a24bb3f44b8d6b
SSDEEP

96:alV/7aG0bHNtH8is0yJ79johIeA3qtiAg5r43w0vHzNt:ssN2isL3ohlA3qtiAiewUR

Score

10^/10

collection discovery persistence

Malware Config

Targets

- Target
  
  c284d1179a3a94398675fa702482ad196a06c8bbde7bcd1dc12af65d4c63c702
- Size
  
  16KB
- MD5
  
  0abb0a370539efc06f2858e2d752aa0f
- SHA1
  
  abfc61b974c76340715e4ae3b44b969333bf2975
- SHA256
  
  c284d1179a3a94398675fa702482ad196a06c8bbde7bcd1dc12af65d4c63c702
- SHA512
  
  470e502dfb1e9df6fd76c334eaddfecff0d81798d2bf143e6b9879d61d8352cad30d9d97fe5eb85e9c44b076eff4d82345755906410cb3c9a8a24bb3f44b8d6b
- SSDEEP
  
  96:alV/7aG0bHNtH8is0yJ79johIeA3qtiAg5r43w0vHzNt:ssN2isL3ohlA3qtiAiewUR
Score

10^/10

discovery collection persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectiondiscoverypersistence