Overview

overview

8

Static

static

c5d26ebd0f...7f.exe

windows7_x64

8

c5d26ebd0f...7f.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5d26ebd0fe9643c0c7db0e3680b9e7f.exe

  • Size

    37KB

  • Sample

    210422-rycaqlcnrn

  • MD5

    c5d26ebd0fe9643c0c7db0e3680b9e7f

  • SHA1

    d570c8b9c6ba24f0443c9dae8d41569532bacd3d

  • SHA256

    62761233916dc6c5b89f4719f7a4b3873b82ff2c25d5b38b0b4a63bf2469d5f0

  • SHA512

    98c358ef221c4a7517da9cb9013474586dcc4c7dfbf571ec220733f81a70143352e7e21fecb0d82901049cce2d7a2082a6da42e0b4df58565f1a1638296725f6

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      c5d26ebd0fe9643c0c7db0e3680b9e7f.exe

    • Size

      37KB

    • MD5

      c5d26ebd0fe9643c0c7db0e3680b9e7f

    • SHA1

      d570c8b9c6ba24f0443c9dae8d41569532bacd3d

    • SHA256

      62761233916dc6c5b89f4719f7a4b3873b82ff2c25d5b38b0b4a63bf2469d5f0

    • SHA512

      98c358ef221c4a7517da9cb9013474586dcc4c7dfbf571ec220733f81a70143352e7e21fecb0d82901049cce2d7a2082a6da42e0b4df58565f1a1638296725f6

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks