Overview

overview

7

task1

 

5

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dafe1fadb20503d0c486e6f3c6888c14e8ec1565d9fb61aa837822793ce1e9f1

  • Size

    220KB

  • Sample

    191025-jnzbshw3d2

  • MD5

    e327c2543c22c48eabc61713fde9f869

  • SHA1

    f3b88ef474e60dcedcc212aa4569a455e06f9db0

  • SHA256

    dafe1fadb20503d0c486e6f3c6888c14e8ec1565d9fb61aa837822793ce1e9f1

  • SHA512

    a29424860127b6638e5e2c8b4254dbab9f7530f8dd6570194083d38b53dbf4e6c1a158dc7203370b14db5330f098e591aed11655ea0e4ee5279916a0ab3f6f2a

Score
7/10

Malware Config

Targets

    • Target

      dafe1fadb20503d0c486e6f3c6888c14e8ec1565d9fb61aa837822793ce1e9f1

    • Size

      220KB

    • MD5

      e327c2543c22c48eabc61713fde9f869

    • SHA1

      f3b88ef474e60dcedcc212aa4569a455e06f9db0

    • SHA256

      dafe1fadb20503d0c486e6f3c6888c14e8ec1565d9fb61aa837822793ce1e9f1

    • SHA512

      a29424860127b6638e5e2c8b4254dbab9f7530f8dd6570194083d38b53dbf4e6c1a158dc7203370b14db5330f098e591aed11655ea0e4ee5279916a0ab3f6f2a

    Score
    7/10

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks