deb6a175d56e09e4709c73c8c40a1fb88e2cf5bee812149217c824cb0815492d | Triage

Sharing

General

Target

deb6a175d56e09e4709c73c8c40a1fb88e2cf5bee812149217c824cb0815492d
Size

2.6MB
Sample

220520-18k3jsaabn
MD5

b12aeed252db94f858037957b35f7997
SHA1

2dffcaf75338359cd039fd827556835ac9d1e212
SHA256

deb6a175d56e09e4709c73c8c40a1fb88e2cf5bee812149217c824cb0815492d
SHA512

d012897bd4beba65a8c65ede1a4679f671713f448305c9606de57265fad34a7bb523859fe2778216c82583cd0af7f3c8e0a892ece68b69a56651933c1e5db97a

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  deb6a175d56e09e4709c73c8c40a1fb88e2cf5bee812149217c824cb0815492d
- Size
  
  2.6MB
- MD5
  
  b12aeed252db94f858037957b35f7997
- SHA1
  
  2dffcaf75338359cd039fd827556835ac9d1e212
- SHA256
  
  deb6a175d56e09e4709c73c8c40a1fb88e2cf5bee812149217c824cb0815492d
- SHA512
  
  d012897bd4beba65a8c65ede1a4679f671713f448305c9606de57265fad34a7bb523859fe2778216c82583cd0af7f3c8e0a892ece68b69a56651933c1e5db97a
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence