27f71c077a67b83962cfed7d2f43433e2d0d333215a8b80a8622c91241977449 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27f71c077a67b83962cfed7d2f43433e2d0d333215a8b80a8622c91241977449
Size

31KB
Sample

220919-r15bsahagn
MD5

472c69dea3b9244975cfa0cb84ac4381
SHA1

15064f1e15b6ae5d0701c2591fbcb47a6d209829
SHA256

27f71c077a67b83962cfed7d2f43433e2d0d333215a8b80a8622c91241977449
SHA512

d4e45b95ee37c8929ec348ec8ef609e850c4597175878cb871bf46d27275b74043d609bdea472df0581aa65af4d55ceb6cc8158914e5c0a44a5f1f48534205f3
SSDEEP

384:xFrI8pIxASzb6rpwVk5l40/tpvBhQFNlN3WEMWSZWR3z2gYX37Vt0Q4iB0z:xBIqISSpkr4CdDQtN3LhGsD2/Hn0Fiez

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  27f71c077a67b83962cfed7d2f43433e2d0d333215a8b80a8622c91241977449
- Size
  
  31KB
- MD5
  
  472c69dea3b9244975cfa0cb84ac4381
- SHA1
  
  15064f1e15b6ae5d0701c2591fbcb47a6d209829
- SHA256
  
  27f71c077a67b83962cfed7d2f43433e2d0d333215a8b80a8622c91241977449
- SHA512
  
  d4e45b95ee37c8929ec348ec8ef609e850c4597175878cb871bf46d27275b74043d609bdea472df0581aa65af4d55ceb6cc8158914e5c0a44a5f1f48534205f3
- SSDEEP
  
  384:xFrI8pIxASzb6rpwVk5l40/tpvBhQFNlN3WEMWSZWR3z2gYX37Vt0Q4iB0z:xBIqISSpkr4CdDQtN3LhGsD2/Hn0Fiez
Score

10^/10

evasion persistence
- Modifies system executable filetype association
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2