Overview

overview

8

Static

static

c2dd9042bc...51.exe

windows7_x64

8

c2dd9042bc...51.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2dd9042bc69f1a3b2dfc4dc3c696832c3fe81ba5f32d09fc8825be9c361eb51

  • Size

    32KB

  • Sample

    220521-az6psaeafk

  • MD5

    c0f77ad2a9e0a77e274380faf12e1d9a

  • SHA1

    b757e1f5214a3a751a3dc71a77c9448a22dd6d12

  • SHA256

    c2dd9042bc69f1a3b2dfc4dc3c696832c3fe81ba5f32d09fc8825be9c361eb51

  • SHA512

    644912b2e408b194ae1824864d7450f7b093b78e6103fe5a5d502166aac676ec2145f30b163d177bbdf49e9f82d1cb64e7fd435651d955cf3d0ec294d9ce64fa

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      c2dd9042bc69f1a3b2dfc4dc3c696832c3fe81ba5f32d09fc8825be9c361eb51

    • Size

      32KB

    • MD5

      c0f77ad2a9e0a77e274380faf12e1d9a

    • SHA1

      b757e1f5214a3a751a3dc71a77c9448a22dd6d12

    • SHA256

      c2dd9042bc69f1a3b2dfc4dc3c696832c3fe81ba5f32d09fc8825be9c361eb51

    • SHA512

      644912b2e408b194ae1824864d7450f7b093b78e6103fe5a5d502166aac676ec2145f30b163d177bbdf49e9f82d1cb64e7fd435651d955cf3d0ec294d9ce64fa

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks