0073dff04251a2a400f5c542630bdf291c341406cb7fdc9b2a411dc633fc2590 | Triage

Sharing

General

Target

0073dff04251a2a400f5c542630bdf291c341406cb7fdc9b2a411dc633fc2590
Size

204KB
Sample

220516-ygvrkaebc4
MD5

015475207d5f3954b4a964ae05030afb
SHA1

c82bd3fc33f143f96a7b39b18619de6d7d9c3331
SHA256

0073dff04251a2a400f5c542630bdf291c341406cb7fdc9b2a411dc633fc2590
SHA512

51a1eaf1fb647c1e13c3e4d60bdee0b4dc59958127c96f04a6256d96eaab2077fed6359a712b68a8bb72059bffbf528910cfc59bdd6254097b113710905fbc24

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0073dff04251a2a400f5c542630bdf291c341406cb7fdc9b2a411dc633fc2590
- Size
  
  204KB
- MD5
  
  015475207d5f3954b4a964ae05030afb
- SHA1
  
  c82bd3fc33f143f96a7b39b18619de6d7d9c3331
- SHA256
  
  0073dff04251a2a400f5c542630bdf291c341406cb7fdc9b2a411dc633fc2590
- SHA512
  
  51a1eaf1fb647c1e13c3e4d60bdee0b4dc59958127c96f04a6256d96eaab2077fed6359a712b68a8bb72059bffbf528910cfc59bdd6254097b113710905fbc24
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2