41d01dc1ef5f2352ed4e90929d31ff40dbda6d4ee063f6d278a9328702ac4bd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41d01dc1ef5f2352ed4e90929d31ff40dbda6d4ee063f6d278a9328702ac4bd8
Size

126KB
Sample

221003-bqsl8sadf8
MD5

6f3559990f47f309822b8ed8c426e8c0
SHA1

9886cba55531593d13d04b0479bf9f31fb25eb41
SHA256

41d01dc1ef5f2352ed4e90929d31ff40dbda6d4ee063f6d278a9328702ac4bd8
SHA512

efb0fb5135d011d50f3160e084aa8d30f95dad0d67050f62be54196b20a7dc31d56549b634fbc578f41e2ac474695e837f016908751f2df74583e122ef76215a
SSDEEP

1536:sLqVQFLMzbrRDqwzCg7wB9EFAhPY4YoZXXShZuRcgXFbrLq8Go:hALkq080Ahw1oZymca7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  41d01dc1ef5f2352ed4e90929d31ff40dbda6d4ee063f6d278a9328702ac4bd8
- Size
  
  126KB
- MD5
  
  6f3559990f47f309822b8ed8c426e8c0
- SHA1
  
  9886cba55531593d13d04b0479bf9f31fb25eb41
- SHA256
  
  41d01dc1ef5f2352ed4e90929d31ff40dbda6d4ee063f6d278a9328702ac4bd8
- SHA512
  
  efb0fb5135d011d50f3160e084aa8d30f95dad0d67050f62be54196b20a7dc31d56549b634fbc578f41e2ac474695e837f016908751f2df74583e122ef76215a
- SSDEEP
  
  1536:sLqVQFLMzbrRDqwzCg7wB9EFAhPY4YoZXXShZuRcgXFbrLq8Go:hALkq080Ahw1oZymca7
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence