f343cbf47c4797cc54cbe903a5341e01495807ff51cd3262948f2f831844377d | Triage

Sharing

General

Target

1ca42da8734369d68361fa07c518ed67.exe
Size

23KB
Sample

210118-923gl9877s
MD5

1ca42da8734369d68361fa07c518ed67
SHA1

d06558d66b3db5165c9da8764869be513ea04640
SHA256

f343cbf47c4797cc54cbe903a5341e01495807ff51cd3262948f2f831844377d
SHA512

26be9cdb3499eb10c1d5917e0e4f804aca0f3aeb5266c3cdd70f224f0d8c9d2415f9ac03a36eb9e80fa972612cb13a215457bcb2aa6002a3213b1b2b30e05a0e

Score

10^/10

evasion persistence

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/767786413151223842/789413987816177684/newnjjj.exe

Targets

- Target
  
  1ca42da8734369d68361fa07c518ed67.exe
- Size
  
  23KB
- MD5
  
  1ca42da8734369d68361fa07c518ed67
- SHA1
  
  d06558d66b3db5165c9da8764869be513ea04640
- SHA256
  
  f343cbf47c4797cc54cbe903a5341e01495807ff51cd3262948f2f831844377d
- SHA512
  
  26be9cdb3499eb10c1d5917e0e4f804aca0f3aeb5266c3cdd70f224f0d8c9d2415f9ac03a36eb9e80fa972612cb13a215457bcb2aa6002a3213b1b2b30e05a0e
Score

10^/10

evasion persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence