465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

General

Target: 465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0
Size: 2MB
Sample: 220510-l98gxaged2
Score: 10/10
MD5: 79dbc1a54d33366681f1e926d565cad4
SHA1: 907cf0ec6784bf140f9759d6931d3697da0fc229
SHA256: 465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0
SHA512: 6d66ae7edc6028e8bc1eac9caf85f5d2d38a6c000e5fa907c9eec5786b225aeeb7c0b565bee9aa7b09f6f792d0857e3d06f0e3ed832d73047506a18ce15371dd

Malware Config

Targets

Target: 465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0
Filesize: 2MB
Score: 10/10
MD5: 79dbc1a54d33366681f1e926d565cad4
SHA1: 907cf0ec6784bf140f9759d6931d3697da0fc229
SHA256: 465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0
SHA512: 6d66ae7edc6028e8bc1eac9caf85f5d2d38a6c000e5fa907c9eec5786b225aeeb7c0b565bee9aa7b09f6f792d0857e3d06f0e3ed832d73047506a18ce15371dd

Tags

Signatures

  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service
  • Executes dropped EXE
  • Possible privilege escalation attempt
  • Stops running service(s)
    TTPs: Modify Existing Service, Service Stop
  • Modifies file permissions
    TTPs: File Permissions Modification
  • Drops file in System32 directory
  • Suspicious use of SetThreadContext
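The signatures listed above are behaviour-level findings; the following is an added example (not part of the sandbox report and not derived from the sample's actual trace) of how a detection engineer would turn five of them into host-log matching logic. The event records are constructed Sysmon-style dictionaries with assumed field names (EventID, Image, CommandLine, TargetObject, TargetFilename, Details), and the set of "security service" names is an illustrative assumption to tune per environment. "Possible privilege escalation attempt" and "Suspicious use of SetThreadContext" are API-level findings that these process/registry/file events do not carry, so they are deliberately not covered.

```python
"""Detection logic for behaviours reported by the sandbox signatures.

Added example; the events below are constructed, not from the sample.
"""
import re

# Assumed Sysmon-style registry path prefix (lowercase for comparison).
SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"
# Illustrative security service names; adjust to the environment's stack.
SECURITY_SERVICES = {"windefend", "wscsvc", "sense", "mpssvc", "securityhealthservice"}
SYSTEM32 = "c:\\windows\\system32\\"

# Command-line patterns for "Stops running service(s)" and
# "Modifies file permissions" (sc/net stop, Stop-Service; icacls/cacls/takeown).
STOP_RE = re.compile(r"\b(sc(?:\.exe)?\s+stop|net1?(?:\.exe)?\s+stop|stop-service)\b", re.I)
PERM_RE = re.compile(r"\b(icacls|cacls|takeown)(?:\.exe)?\b", re.I)

# Constructed sample events (assumption: Sysmon IDs 1=process create,
# 11=file create, 13=registry value set). Not taken from the report.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start",
     "Details": "DWORD (0x00000004)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": "sc stop WinDefend"},
    {"EventID": 1, "Image": r"C:\Windows\System32\icacls.exe",
     "CommandLine": r"icacls C:\Windows\System32\drivers\etc\hosts /grant Everyone:F"},
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\dropper.exe",
     "TargetFilename": r"C:\Windows\System32\svchelper.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchelper.exe",
     "CommandLine": r"C:\Windows\System32\svchelper.exe -install"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe readme.txt"},
]


def modifies_security_service(ev):
    """Registry write under a security service's key (Modify Registry / Modify Existing Service)."""
    if ev.get("EventID") != 13:
        return False
    key = ev.get("TargetObject", "").lower()
    if not key.startswith(SERVICES_KEY):
        return False
    service = key[len(SERVICES_KEY):].split("\\")[0]
    return service in SECURITY_SERVICES


def stops_service(ev):
    """Process creation whose command line stops a service (Service Stop)."""
    return ev.get("EventID") == 1 and bool(STOP_RE.search(ev.get("CommandLine", "")))


def modifies_file_permissions(ev):
    """Process creation using an ACL/ownership tool (File Permissions Modification)."""
    return ev.get("EventID") == 1 and bool(PERM_RE.search(ev.get("CommandLine", "")))


def run(events):
    """Return (event index, signature name) for each matching event.

    The System32 drop and the later execution of the dropped file are
    correlated across events, so the scan keeps state in `dropped`.
    """
    dropped = set()
    hits = []
    for i, ev in enumerate(events):
        if modifies_security_service(ev):
            hits.append((i, "Modifies security service"))
        if stops_service(ev):
            hits.append((i, "Stops running service(s)"))
        if modifies_file_permissions(ev):
            hits.append((i, "Modifies file permissions"))
        if ev.get("EventID") == 11:
            target = ev.get("TargetFilename", "").lower()
            writer = ev.get("Image", "").lower()
            # A non-System32 process writing into System32 is the suspicious case.
            if target.startswith(SYSTEM32) and not writer.startswith(SYSTEM32):
                hits.append((i, "Drops file in System32 directory"))
                dropped.add(target)
        if ev.get("EventID") == 1 and ev.get("Image", "").lower() in dropped:
            hits.append((i, "Executes dropped EXE"))
    return hits


if __name__ == "__main__":
    for index, name in run(EVENTS):
        print(index, name)
```

The benign notepad event at the end is there to show the rules do not fire on ordinary process creation; in production the service-name set, the tool patterns and the "written from outside System32" heuristic all need tuning against the environment's baseline.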

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation
Tasks

static1
behavioral1: 10/10
behavioral2: 10/10