Overview

overview

7

task1

 

6

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77f5d8bbf5b22a43f60bcc4ded7dbc56529fa0ba00b29e916132bddbeae3ca26

  • Size

    1.2MB

  • Sample

    191025-583b19wbds

  • MD5

    bb0cb63cd1f24f666217be9405090016

  • SHA1

    78b7c961ac2f719330fce0901fca454a37ae1fbd

  • SHA256

    77f5d8bbf5b22a43f60bcc4ded7dbc56529fa0ba00b29e916132bddbeae3ca26

  • SHA512

    b2639317f54b721b262106e0ce9dcd4b92871c4115f3b43357f83f52e329c8de9581a2c69393f53dd13ad728f4d229892966d4e9dd909cbb71a64b624773b646

Score
7/10

Malware Config

Targets

    • Target

      77f5d8bbf5b22a43f60bcc4ded7dbc56529fa0ba00b29e916132bddbeae3ca26

    • Size

      1.2MB

    • MD5

      bb0cb63cd1f24f666217be9405090016

    • SHA1

      78b7c961ac2f719330fce0901fca454a37ae1fbd

    • SHA256

      77f5d8bbf5b22a43f60bcc4ded7dbc56529fa0ba00b29e916132bddbeae3ca26

    • SHA512

      b2639317f54b721b262106e0ce9dcd4b92871c4115f3b43357f83f52e329c8de9581a2c69393f53dd13ad728f4d229892966d4e9dd909cbb71a64b624773b646

    Score
    7/10

    • Windows security modification

      evasiontrojan

    • Adds Run entry to start application

      persistence

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks