81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e | Triage

Sharing

General

Target

81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
Size

3.8MB
Sample

201111-dl4mx95j8a
MD5

54e25f490523f83e9af9b60ab197a3a7
SHA1

e698efcdc53a64ed9df1b2776887e4dbc8a3bf29
SHA256

81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
SHA512

778a41cb762f2a6d1564d18545b589836ba46d10dc727bb19fd7e3c5f9b50cf0d8fc587cab6e509bc07258d094c9d7624f4938285dfb4bf7dcacef613cb254a9

Score

9^/10

discovery exploit persistence

Malware Config

Targets

- Target
  
  81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
- Size
  
  3.8MB
- MD5
  
  54e25f490523f83e9af9b60ab197a3a7
- SHA1
  
  e698efcdc53a64ed9df1b2776887e4dbc8a3bf29
- SHA256
  
  81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
- SHA512
  
  778a41cb762f2a6d1564d18545b589836ba46d10dc727bb19fd7e3c5f9b50cf0d8fc587cab6e509bc07258d094c9d7624f4938285dfb4bf7dcacef613cb254a9
Score

9^/10

discovery exploit persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2