Overview

overview

10

Static

static

10

99a0c3a579...e1.dll

windows7_x64

3

99a0c3a579...e1.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

  • Size

    33KB

  • Sample

    220201-pt9a2sebfl

  • MD5

    1aeecb2827babb42468d8257aa6afdeb

  • SHA1

    653f6938e5521cf70596fc4a3f1d8c8eef21959a

  • SHA256

    99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

  • SHA512

    846874d5488fe6aebe39f7c84cdf43bb3af418835bf3bc87a0a799c108d4966121a46a5e8f5d17bd98e5fb376d09169de48e7ea1129dd1b3df72b4508dff9f4c

Score
10/10
doublebackpersistence

Malware Config

Targets

    • Target

      99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

    • Size

      33KB

    • MD5

      1aeecb2827babb42468d8257aa6afdeb

    • SHA1

      653f6938e5521cf70596fc4a3f1d8c8eef21959a

    • SHA256

      99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

    • SHA512

      846874d5488fe6aebe39f7c84cdf43bb3af418835bf3bc87a0a799c108d4966121a46a5e8f5d17bd98e5fb376d09169de48e7ea1129dd1b3df72b4508dff9f4c

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks