Overview

overview

8

Static

static

56aa277081...72.exe

windows7-x64

8

56aa277081...72.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56aa277081075438c3dbbef841299172.bin

  • Size

    183KB

  • Sample

    220827-b8nq1addh9

  • MD5

    56aa277081075438c3dbbef841299172

  • SHA1

    e5870965f41cb82f454043845641ae92b6c6b939

  • SHA256

    0eab1c5406f415f75ab39dbf3651cee9d41a0e0b6d5bdb51042412b57f0aea05

  • SHA512

    6f128a1a9d8b1bb96bc7fa92fad1170395b1ce9603168fb1925bbeb1a5d910f0f8b5999eabdcd4b1dacae376d4ff479d878920984ba68d951a46ac7056b7ad69

  • SSDEEP

    3072:bGVWrMNKUhjhoo7MQW/ieN6RzNLWV+1hpNaL+90tLsVXzJQYMUCb:bGArMNKUhjWl/ieNULu8h39SLSuYMUCb

Score
8/10
persistence

Malware Config

Targets

    • Target

      56aa277081075438c3dbbef841299172.bin

    • Size

      183KB

    • MD5

      56aa277081075438c3dbbef841299172

    • SHA1

      e5870965f41cb82f454043845641ae92b6c6b939

    • SHA256

      0eab1c5406f415f75ab39dbf3651cee9d41a0e0b6d5bdb51042412b57f0aea05

    • SHA512

      6f128a1a9d8b1bb96bc7fa92fad1170395b1ce9603168fb1925bbeb1a5d910f0f8b5999eabdcd4b1dacae376d4ff479d878920984ba68d951a46ac7056b7ad69

    • SSDEEP

      3072:bGVWrMNKUhjhoo7MQW/ieN6RzNLWV+1hpNaL+90tLsVXzJQYMUCb:bGArMNKUhjWl/ieNULu8h39SLSuYMUCb

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks