Overview

overview

7

task1

 

5

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ccc33f6eb19efbd4422a4f69f05ea787078db32290a64c6048d5fd0df1fb2087

  • Size

    188KB

  • Sample

    191025-e12766jfx6

  • MD5

    b3d1cfc961bfbaf80b38cd8f0ca68d8d

  • SHA1

    093587407790e0c5680b9f8e16951233ec132833

  • SHA256

    ccc33f6eb19efbd4422a4f69f05ea787078db32290a64c6048d5fd0df1fb2087

  • SHA512

    09f6c0a573f1dd9d85d0eeaa7f131150a0c809dc49c72e09b7ae89c9a465cc13b0d5e50475d2edc2c93daf68a97246a43fb2cceff6c34a00322b1f59435adf64

Score
7/10

Malware Config

Targets

    • Target

      ccc33f6eb19efbd4422a4f69f05ea787078db32290a64c6048d5fd0df1fb2087

    • Size

      188KB

    • MD5

      b3d1cfc961bfbaf80b38cd8f0ca68d8d

    • SHA1

      093587407790e0c5680b9f8e16951233ec132833

    • SHA256

      ccc33f6eb19efbd4422a4f69f05ea787078db32290a64c6048d5fd0df1fb2087

    • SHA512

      09f6c0a573f1dd9d85d0eeaa7f131150a0c809dc49c72e09b7ae89c9a465cc13b0d5e50475d2edc2c93daf68a97246a43fb2cceff6c34a00322b1f59435adf64

    Score
    7/10

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks