b3bbe0ce638b7ed22569fa451949b3b860a26e3b1de25691a23e7a75511b0e75 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3bbe0ce638b7ed22569fa451949b3b860a26e3b1de25691a23e7a75511b0e75
Size

124KB
Sample

221003-q23znshgc5
MD5

67935c711f91ef5a04173ef779f80940
SHA1

5a9a1deb6a86c7397225791543c7d22240b21e69
SHA256

b3bbe0ce638b7ed22569fa451949b3b860a26e3b1de25691a23e7a75511b0e75
SHA512

6031afdd1f65886c582cfb09520b3bcb84d7a2af4ed8a5fb55122622129133b0e0166ad5ca62dfff16e2c5f0ee414adf577edb72af365fc63b7e2b12ae1c9743
SSDEEP

3072:DML4ZuMcDg6P25bj+0k9sAFHBeP4xe+Za26:8LJu5bi0kleuL6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b3bbe0ce638b7ed22569fa451949b3b860a26e3b1de25691a23e7a75511b0e75
- Size
  
  124KB
- MD5
  
  67935c711f91ef5a04173ef779f80940
- SHA1
  
  5a9a1deb6a86c7397225791543c7d22240b21e69
- SHA256
  
  b3bbe0ce638b7ed22569fa451949b3b860a26e3b1de25691a23e7a75511b0e75
- SHA512
  
  6031afdd1f65886c582cfb09520b3bcb84d7a2af4ed8a5fb55122622129133b0e0166ad5ca62dfff16e2c5f0ee414adf577edb72af365fc63b7e2b12ae1c9743
- SSDEEP
  
  3072:DML4ZuMcDg6P25bj+0k9sAFHBeP4xe+Za26:8LJu5bi0kleuL6
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence