Overview

overview

7

task1

 

5

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e0cf010f32afc4e748233d4ecbe5a0d48f535c5111321b71b101bda325605691

  • Size

    1.2MB

  • Sample

    191025-vhgath1p46

  • MD5

    a1270f6315004f675ec8e4cf80efda0e

  • SHA1

    1de2cef34275b09dae360cff5f9a4c757242804a

  • SHA256

    e0cf010f32afc4e748233d4ecbe5a0d48f535c5111321b71b101bda325605691

  • SHA512

    7e3912e32c1e5c3bb98bae2b7c1ef24d6a3899e0b50d287ec1f2290a55bb0d161c7a9073614d46144242c0cce45ca370a222b3ab331abe6cdae62bcfec1da090

Score
7/10

Malware Config

Targets

    • Target

      e0cf010f32afc4e748233d4ecbe5a0d48f535c5111321b71b101bda325605691

    • Size

      1.2MB

    • MD5

      a1270f6315004f675ec8e4cf80efda0e

    • SHA1

      1de2cef34275b09dae360cff5f9a4c757242804a

    • SHA256

      e0cf010f32afc4e748233d4ecbe5a0d48f535c5111321b71b101bda325605691

    • SHA512

      7e3912e32c1e5c3bb98bae2b7c1ef24d6a3899e0b50d287ec1f2290a55bb0d161c7a9073614d46144242c0cce45ca370a222b3ab331abe6cdae62bcfec1da090

    Score
    7/10

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks