da9ee958ba0d0a5df96fe09b4a71e6226919e538ae1d477b5ce53ff39324e337 | Triage

Sharing

General

Target

da9ee958ba0d0a5df96fe09b4a71e6226919e538ae1d477b5ce53ff39324e337
Size

206KB
Sample

221004-ds7kaaadgp
MD5

33e6bb33eec6c2164bf159e828b66965
SHA1

a8d6d15d2675fc511dabdd0380cbc8b248c75688
SHA256

da9ee958ba0d0a5df96fe09b4a71e6226919e538ae1d477b5ce53ff39324e337
SHA512

ac5f234e7098bfd280e91a6e796f4267e5e6dcb210f4593b69e63bce9908ba074a8114a068fe32b24f101b2931d1db78dc4a0a9f8ea6c9242e0a8581be25ed7c
SSDEEP

3072:p9xbvI3tMJKDJDu2WE7ZG1SnkOT94qxkuM70bnSs5SU28+NRybbNmK20RDRu3D:p9xUtVDBu2NZG1qFiqZz35SxqpmKvuT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  da9ee958ba0d0a5df96fe09b4a71e6226919e538ae1d477b5ce53ff39324e337
- Size
  
  206KB
- MD5
  
  33e6bb33eec6c2164bf159e828b66965
- SHA1
  
  a8d6d15d2675fc511dabdd0380cbc8b248c75688
- SHA256
  
  da9ee958ba0d0a5df96fe09b4a71e6226919e538ae1d477b5ce53ff39324e337
- SHA512
  
  ac5f234e7098bfd280e91a6e796f4267e5e6dcb210f4593b69e63bce9908ba074a8114a068fe32b24f101b2931d1db78dc4a0a9f8ea6c9242e0a8581be25ed7c
- SSDEEP
  
  3072:p9xbvI3tMJKDJDu2WE7ZG1SnkOT94qxkuM70bnSs5SU28+NRybbNmK20RDRu3D:p9xUtVDBu2NZG1qFiqZz35SxqpmKvuT
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2