1f81572df155eac9fd46154a50c8f31b95ac10e50bc7ee2732b82524cd2a37ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f81572df155eac9fd46154a50c8f31b95ac10e50bc7ee2732b82524cd2a37ea
Size

226KB
Sample

221002-rc9xcsbdel
MD5

50ee4b2fe3246ca0525aa91d2f54f1d0
SHA1

611b6a93a12c5bf6e64399d200ec59f329d78a02
SHA256

1f81572df155eac9fd46154a50c8f31b95ac10e50bc7ee2732b82524cd2a37ea
SHA512

dc46e33e36e041598766f3a187da6bd5bfa5010aea265c63d079a82b5d18610529f8b927a2b51179dd9aa00ed45e06e34b090d66814aea474e9f3b3403379635
SSDEEP

3072:dllBI83Bb6mqhVj0ipx8QTbgv9eA8g5AIluGVHMdIROrv3eqFePxjcDG:dlH3zOe4NIB7AIl9MdzDeuo2D

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1f81572df155eac9fd46154a50c8f31b95ac10e50bc7ee2732b82524cd2a37ea
- Size
  
  226KB
- MD5
  
  50ee4b2fe3246ca0525aa91d2f54f1d0
- SHA1
  
  611b6a93a12c5bf6e64399d200ec59f329d78a02
- SHA256
  
  1f81572df155eac9fd46154a50c8f31b95ac10e50bc7ee2732b82524cd2a37ea
- SHA512
  
  dc46e33e36e041598766f3a187da6bd5bfa5010aea265c63d079a82b5d18610529f8b927a2b51179dd9aa00ed45e06e34b090d66814aea474e9f3b3403379635
- SSDEEP
  
  3072:dllBI83Bb6mqhVj0ipx8QTbgv9eA8g5AIluGVHMdIROrv3eqFePxjcDG:dlH3zOe4NIB7AIl9MdzDeuo2D
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2