fb42df0d5ec2b31742cbf16c76d9152d415b3677c964122a7f3b4b65de489ae0 | Triage

Sharing

General

Target

fb42df0d5ec2b31742cbf16c76d9152d415b3677c964122a7f3b4b65de489ae0
Size

199KB
Sample

221003-p88ytsgeam
MD5

671405f6f59a49330b29dfb09ddc135e
SHA1

d1cd04211165b61c283e9dc454f2e7da97c07f22
SHA256

fb42df0d5ec2b31742cbf16c76d9152d415b3677c964122a7f3b4b65de489ae0
SHA512

e81d4ffc6ebfa81e2d23eff9a5c30ff2ac6b1212c3eefbfdefc3462ba971ac80fde23826c0b5224129092c39f0db94d387e2d4b5e227c5ebfd9261a54c2f55d3
SSDEEP

3072:2f8jmIahXzWAx5DxNn3hIE1b49CtpZGohI/4PTq4j2ub/y/Wt5mMqcs9URElFQpG:nmxoALRZ4mZGo6//j6t8Mq79iEL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fb42df0d5ec2b31742cbf16c76d9152d415b3677c964122a7f3b4b65de489ae0
- Size
  
  199KB
- MD5
  
  671405f6f59a49330b29dfb09ddc135e
- SHA1
  
  d1cd04211165b61c283e9dc454f2e7da97c07f22
- SHA256
  
  fb42df0d5ec2b31742cbf16c76d9152d415b3677c964122a7f3b4b65de489ae0
- SHA512
  
  e81d4ffc6ebfa81e2d23eff9a5c30ff2ac6b1212c3eefbfdefc3462ba971ac80fde23826c0b5224129092c39f0db94d387e2d4b5e227c5ebfd9261a54c2f55d3
- SSDEEP
  
  3072:2f8jmIahXzWAx5DxNn3hIE1b49CtpZGohI/4PTq4j2ub/y/Wt5mMqcs9URElFQpG:nmxoALRZ4mZGo6//j6t8Mq79iEL
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence