253badb37098e683f19eea45006506fbfcad4e590ae3f6329d726c6720dab935 | Triage

Sharing

General

Target

253badb37098e683f19eea45006506fbfcad4e590ae3f6329d726c6720dab935
Size

4.3MB
Sample

220913-17av7agfh7
MD5

1c92d41901198d8274ade85a03a6d42a
SHA1

f390cc120bc6b2f50bdd7bfe1ef565f63052a902
SHA256

253badb37098e683f19eea45006506fbfcad4e590ae3f6329d726c6720dab935
SHA512

274ff2e260086ab3b302d94beeb66dab07cf4bc8c7f20aa4bf131b9605e2058064a9603862c83c2a16240aafed65510ea13beda60ea85ed7a0413ef513e97977
SSDEEP

98304:R94PB54c9eInE6Rt/3kKxtp9wSEkpFynVXfnloclLF:R9Iug/nEsvkctp9wrTVfF

Score

10^/10

discovery evasion exploit

Malware Config

Targets

- Target
  
  253badb37098e683f19eea45006506fbfcad4e590ae3f6329d726c6720dab935
- Size
  
  4.3MB
- MD5
  
  1c92d41901198d8274ade85a03a6d42a
- SHA1
  
  f390cc120bc6b2f50bdd7bfe1ef565f63052a902
- SHA256
  
  253badb37098e683f19eea45006506fbfcad4e590ae3f6329d726c6720dab935
- SHA512
  
  274ff2e260086ab3b302d94beeb66dab07cf4bc8c7f20aa4bf131b9605e2058064a9603862c83c2a16240aafed65510ea13beda60ea85ed7a0413ef513e97977
- SSDEEP
  
  98304:R94PB54c9eInE6Rt/3kKxtp9wSEkpFynVXfnloclLF:R9Iug/nEsvkctp9wrTVfF
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit