General

  • Target

    d5b6ec53516a436f2548b43124d782c6c87b43d7424f8ed55aabb155c6f928dd

  • Size

    5.3MB

  • Sample

    220511-2an7zsbah3

  • MD5

    a3983c873720ecc761e356fb4def2af1

  • SHA1

    ff4f82ecef69772cfb0a4d072ec6ae23fc1c3f60

  • SHA256

    d5b6ec53516a436f2548b43124d782c6c87b43d7424f8ed55aabb155c6f928dd

  • SHA512

    95be99719a5fed4bb1f7264d3569981d294dffa634cc478a44aec056e606d77c3e31ac4991793a1682717f2c2603e5830757b617fb3b88b5ff43169d3a616ea1

Malware Config

Targets

    • Target

      d5b6ec53516a436f2548b43124d782c6c87b43d7424f8ed55aabb155c6f928dd

    • Size

      5.3MB

    • MD5

      a3983c873720ecc761e356fb4def2af1

    • SHA1

      ff4f82ecef69772cfb0a4d072ec6ae23fc1c3f60

    • SHA256

      d5b6ec53516a436f2548b43124d782c6c87b43d7424f8ed55aabb155c6f928dd

    • SHA512

      95be99719a5fed4bb1f7264d3569981d294dffa634cc478a44aec056e606d77c3e31ac4991793a1682717f2c2603e5830757b617fb3b88b5ff43169d3a616ea1

    • Modifies security service

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Stops running service(s)

    • Modifies file permissions

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

2
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Impair Defenses

1
T1562

File Permissions Modification

1
T1222

Impact

Service Stop

1
T1489

Tasks