nefilim | a9399d36c36e5013ec4b3d6ef0a3f3bf41e3e1e9571ce08c9227b8657f18316b | Triage

Sharing

General

Target

a9399d36c36e5013ec4b3d6ef0a3f3bf41e3e1e9571ce08c9227b8657f18316b
Size

68KB
Sample

220131-3t1kssdfgk
MD5

6de331cb81f6b55de1ae2c367d26dde7
SHA1

cb5e48fc1874a4fadddcf7a7f4dad82ca6723d1e
SHA256

a9399d36c36e5013ec4b3d6ef0a3f3bf41e3e1e9571ce08c9227b8657f18316b
SHA512

bf5f8f2da545f1edbf3bdb8cd0dc2a0fc6c9d0ea42acfa5e4eecfa36f2c3d1a2c8fa92065ececb8dcdf50a020254dd270f9d43928dff6d3260c547b6d892e10d

Score

10^/10

nefilim persistence

Malware Config

Targets

- Target
  
  a9399d36c36e5013ec4b3d6ef0a3f3bf41e3e1e9571ce08c9227b8657f18316b
- Size
  
  68KB
- MD5
  
  6de331cb81f6b55de1ae2c367d26dde7
- SHA1
  
  cb5e48fc1874a4fadddcf7a7f4dad82ca6723d1e
- SHA256
  
  a9399d36c36e5013ec4b3d6ef0a3f3bf41e3e1e9571ce08c9227b8657f18316b
- SHA512
  
  bf5f8f2da545f1edbf3bdb8cd0dc2a0fc6c9d0ea42acfa5e4eecfa36f2c3d1a2c8fa92065ececb8dcdf50a020254dd270f9d43928dff6d3260c547b6d892e10d
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2