a4727d2046c8b832c1b057e1008e8ec3f47b5cf480ed34cf45e55c80c75d29f0 | Triage

Sharing

General

Target

YG.rar
Size

318KB
Sample

210727-6ve4gxay8n
MD5

bec08bd3f87f2274ec74a8dc49e17a95
SHA1

86cc8f2190bb8d1e113326113a2e67bb06e54219
SHA256

a4727d2046c8b832c1b057e1008e8ec3f47b5cf480ed34cf45e55c80c75d29f0
SHA512

192c4e07a017c6647efd5e8f126ed1dfa982022e876e95db9dd36454d604f84fe3a0cf8ee7fded1e5f410a78be4733adedb7d222692a50bcb97726c30e245fc2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  driver.sys
- Size
  
  7KB
- MD5
  
  a3a1584afabbbdf578029fb426546bad
- SHA1
  
  adb9df143732f0d717e76c36491d7a9433020fa9
- SHA256
  
  ea934232f881d18778d9b7e9cab745f985b928d7100c10b3d7b6961f5a29b242
- SHA512
  
  8e0c290c79ee20322b10a1d20cb1748254a8a7905126da09d3a3084046e1fbe805b9c392f419dc94856bca152305d58b3cbf04d8c6fa1a7c74e8fb4cd170e29b
Score

1^/10
behavioral1
- Target
  
  kdmapper.exe
- Size
  
  125KB
- MD5
  
  2304a0eab0be84e731ec9e89277502d4
- SHA1
  
  856436905d3f44a52452ed9e2ff1b547e596c0b5
- SHA256
  
  ba2f9a243358ee3d30d883922c17fce4040152d06acc2d0f6b671fc0ae457dcc
- SHA512
  
  05521bade15add04d93819957f3ecb546d9ff373effb4c0e93c59a6004aa929b79a2bf9bbba6ffc6c61915951c16d7b23bd308aba2f376b6f9827aac1d8778d3
Score

1^/10
behavioral2
- Target
  
  usermode.exe
- Size
  
  538KB
- MD5
  
  64da53a1ad2963ed380fab71e6cfd2e3
- SHA1
  
  de941935e1182a9fc4682d00e69d32889dce607d
- SHA256
  
  eb1219f5e6bde5ce7ad50a6487315176ee2bfde36f4d1cfafdb264b4f54b539c
- SHA512
  
  f80a35d05bef5c7a5f44cdb7f04a78d962a33cebb1a7d15bd12a0f258efdc8d4728f562980b9176daf209b962b7f37245784e2355cfa0ab566c35f423095d998
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3