Overview

overview

8

task1

 

8

task2

 

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8461d1a45de8e1ad69bf3845cee5efc004e7f9612653b0bd77cdd9bc7208e43

  • Size

    370KB

  • Sample

    191025-zm194mczrj

  • MD5

    d7f1521acc86febf77129374d4e0e539

  • SHA1

    51a50078ac4a376affe83f052ceafefb6ed8823b

  • SHA256

    f8461d1a45de8e1ad69bf3845cee5efc004e7f9612653b0bd77cdd9bc7208e43

  • SHA512

    76ed843a2e4bdecbe317ccf0564a624d5ce940ed8bc66d8ae0c3381e7377dde319aba1ce5c7a2f349c7e41c13a26191d51ad4b44e726d858b409525749a17403

Score
8/10

Malware Config

Targets

    • Target

      f8461d1a45de8e1ad69bf3845cee5efc004e7f9612653b0bd77cdd9bc7208e43

    • Size

      370KB

    • MD5

      d7f1521acc86febf77129374d4e0e539

    • SHA1

      51a50078ac4a376affe83f052ceafefb6ed8823b

    • SHA256

      f8461d1a45de8e1ad69bf3845cee5efc004e7f9612653b0bd77cdd9bc7208e43

    • SHA512

      76ed843a2e4bdecbe317ccf0564a624d5ce940ed8bc66d8ae0c3381e7377dde319aba1ce5c7a2f349c7e41c13a26191d51ad4b44e726d858b409525749a17403

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks