75099eecbdcbaedf899ebc906fc9840d2c8c36c4e20022e8eaccf0bec6f24155 | Triage

Sharing

General

Target

54e25f490523f83e9af9b60ab197a3a7
Size

3.8MB
Sample

201117-58cegh4vns
MD5

bce8cb9bda23c61ab301c43cd4cef7f9
SHA1

2c644f40d3fbc980454b0ab02dceb94284dc522b
SHA256

75099eecbdcbaedf899ebc906fc9840d2c8c36c4e20022e8eaccf0bec6f24155
SHA512

8c40707aa6d790982f1e736fe0656c3e50ad09f5165eb75213d4b8452d3df609305180fbf0ae1f2b0808135c08ea200962e932945a11b3e8bd2479c2781784e5

Score

9^/10

discovery exploit persistence

Malware Config

Targets

- Target
  
  54e25f490523f83e9af9b60ab197a3a7
- Size
  
  3.8MB
- MD5
  
  bce8cb9bda23c61ab301c43cd4cef7f9
- SHA1
  
  2c644f40d3fbc980454b0ab02dceb94284dc522b
- SHA256
  
  75099eecbdcbaedf899ebc906fc9840d2c8c36c4e20022e8eaccf0bec6f24155
- SHA512
  
  8c40707aa6d790982f1e736fe0656c3e50ad09f5165eb75213d4b8452d3df609305180fbf0ae1f2b0808135c08ea200962e932945a11b3e8bd2479c2781784e5
Score

9^/10

discovery exploit persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2