396943ee54aa81874ec8dbdd68236cd9fc5e1528e14ee2cdf8e8aa994e76310e | Triage

Sharing

General

Target

396943ee54aa81874ec8dbdd68236cd9fc5e1528e14ee2cdf8e8aa994e76310e
Size

108KB
Sample

220919-ygwc4aachn
MD5

4059087855ce408818be6ae00db4b0be
SHA1

2c5b872367270f6ead81c2e4d1ab150f4a4da29e
SHA256

396943ee54aa81874ec8dbdd68236cd9fc5e1528e14ee2cdf8e8aa994e76310e
SHA512

4434a1a061822055f64fad881f0cc3e24621b60b00ec27dbc6690e125590c523b4be963f49a8fc20e7761cbc1be6f1260adf3f6900b9d667d26855d64d296bf6
SSDEEP

3072:lWCnxG9QL2Se7/ZGDhkWTU4MubTdzJL2c9/D61WU:pxG9p7BGDeWTbvdzB9O7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  396943ee54aa81874ec8dbdd68236cd9fc5e1528e14ee2cdf8e8aa994e76310e
- Size
  
  108KB
- MD5
  
  4059087855ce408818be6ae00db4b0be
- SHA1
  
  2c5b872367270f6ead81c2e4d1ab150f4a4da29e
- SHA256
  
  396943ee54aa81874ec8dbdd68236cd9fc5e1528e14ee2cdf8e8aa994e76310e
- SHA512
  
  4434a1a061822055f64fad881f0cc3e24621b60b00ec27dbc6690e125590c523b4be963f49a8fc20e7761cbc1be6f1260adf3f6900b9d667d26855d64d296bf6
- SSDEEP
  
  3072:lWCnxG9QL2Se7/ZGDhkWTU4MubTdzJL2c9/D61WU:pxG9p7BGDeWTbvdzB9O7
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence