aa892cf3eb80b918469a8689eabb240b2ad50784e74885d9e277640e252bbbae | Triage

Sharing

General

Target

TwoLayer.zip
Size

6.9MB
Sample

190926-jyftrj55ss
MD5

aef8c34f564b6830d9ca288bcc7434ea
SHA1

79a25fe04fdf586ac73fdd2e152ad8e61dfba952
SHA256

aa892cf3eb80b918469a8689eabb240b2ad50784e74885d9e277640e252bbbae
SHA512

c492d7a4b66bcc0615a336987810ae6369f00faefe6f6906b53056f9c759aff8ccc95b22db6d3b4a5be84eaa4201e6ef24dc19f96c4423765ab06b20e57e348b

Score

10^/10

Malware Config

Targets

- Target
  
  ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
- Size
  
  3.4MB
- MD5
  
  84c82835a5d21bbcf75a61706d8ab549
- SHA1
  
  5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
- SHA256
  
  ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
- SHA512
  
  90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
Score

10^/10
- flawedammy family
  family
- wannacry family
  family
- Creates new service
  persistence
- Executes dropped EXE
- Known Tor node
- Modifies Windows Firewall
  evasion
- Modifies file permissions
- Drops startup file
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Modifies system certificate store
  evasion spyware trojan
- Drops Office document
  dropper exploiter maldoc
- Modifies service
  persistence
- Sets desktop wallpaper registry value
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
task1 task2 task3 task4
- Target
  
  fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
- Size
  
  3.6MB
- MD5
  
  743a6891999db5d7179091aba5f98fdb
- SHA1
  
  eeca4b8f88fcae9db6f54304270699d459fb5722
- SHA256
  
  fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f
- SHA512
  
  9edef033663c828536190332ec87ac0096ffddae934d17c51b255a55ecb05774211a0edb1915c19384641befa291cfdfd2e3f878bf3b827f8b203ec1bee9dd96
Score

N/A

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

File Deletion

File and Directory Permissions Modification

Hidden Files and Directories

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

task1

task2

task3

task4