Overview

overview

7

task1

 

5

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bc6a3903703b19cb178d68e644f0e9f9586e50348d48a3aeb16eba5eafbd900

  • Size

    256KB

  • Sample

    191025-gshrdjmcvs

  • MD5

    7c784c0b36efd0f76980af68ade6bafd

  • SHA1

    8b3c63d56b40752700889e8997c4a0561379c8fe

  • SHA256

    1bc6a3903703b19cb178d68e644f0e9f9586e50348d48a3aeb16eba5eafbd900

  • SHA512

    e88da2fc1d94a9f3649ed34dc289d00a2522eb093e026035ca2791f03d0ce190d037600e82456fffe6662e3708d8f3cc0afebfe0b58474a1d83b4a6dd1703edc

Score
7/10

Malware Config

Targets

    • Target

      1bc6a3903703b19cb178d68e644f0e9f9586e50348d48a3aeb16eba5eafbd900

    • Size

      256KB

    • MD5

      7c784c0b36efd0f76980af68ade6bafd

    • SHA1

      8b3c63d56b40752700889e8997c4a0561379c8fe

    • SHA256

      1bc6a3903703b19cb178d68e644f0e9f9586e50348d48a3aeb16eba5eafbd900

    • SHA512

      e88da2fc1d94a9f3649ed34dc289d00a2522eb093e026035ca2791f03d0ce190d037600e82456fffe6662e3708d8f3cc0afebfe0b58474a1d83b4a6dd1703edc

    Score
    7/10

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks