25030c2357ace3a1713e4698aa6e139e888d880b57e5772d39447a42ac301591 | Triage

Sharing

General

Target

25030c2357ace3a1713e4698aa6e139e888d880b57e5772d39447a42ac301591
Size

3.8MB
Sample

201113-9f174vc4ea
MD5

ddf329f7573b2a7dcdf11e8734a44850
SHA1

cbf1ea887d769a1f094b197c000dda8426d3f7f6
SHA256

25030c2357ace3a1713e4698aa6e139e888d880b57e5772d39447a42ac301591
SHA512

f5301d9f2ee4a7d31f712ef1cc433f72bcd01033872d1e29dfbdcc6fc10d873b3c36c8630989b944cc45cd39829b10697f23db0cb0aceeda12932b5889d639f8

Score

9^/10

discovery exploit persistence

Malware Config

Targets

- Target
  
  25030c2357ace3a1713e4698aa6e139e888d880b57e5772d39447a42ac301591
- Size
  
  3.8MB
- MD5
  
  ddf329f7573b2a7dcdf11e8734a44850
- SHA1
  
  cbf1ea887d769a1f094b197c000dda8426d3f7f6
- SHA256
  
  25030c2357ace3a1713e4698aa6e139e888d880b57e5772d39447a42ac301591
- SHA512
  
  f5301d9f2ee4a7d31f712ef1cc433f72bcd01033872d1e29dfbdcc6fc10d873b3c36c8630989b944cc45cd39829b10697f23db0cb0aceeda12932b5889d639f8
Score

9^/10

discovery exploit persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2