ce31e3a066cf6e9f585474d7b80f31b1f9da81c168bcdbe5cfdda1b7a71a9d5b | Triage

Sharing

General

Target

ce31e3a066cf6e9f585474d7b80f31b1f9da81c168bcdbe5cfdda1b7a71a9d5b
Size

108KB
Sample

221011-dcqa3abhal
MD5

70aa65000971a15507d18d4ab0b3e6ef
SHA1

7cd24fe30c3a160a41a96a29fdd01e21f66d94bb
SHA256

ce31e3a066cf6e9f585474d7b80f31b1f9da81c168bcdbe5cfdda1b7a71a9d5b
SHA512

f12c78cf15784b1299e8666f1b59f384c31908e35a88704341fb0e11e4083f0e376ce062a2398ca0a5ced9664cb26d85e0a835651d37cc50ed03958d70060f34
SSDEEP

1536:hz43i6EJ02LyV3kFdp+0zI1ZBjhRDmmHeIcinLJcoHQHF3i6EJ02LyV3rEx:hzLyV3kF21im+YLzLyV3I

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ce31e3a066cf6e9f585474d7b80f31b1f9da81c168bcdbe5cfdda1b7a71a9d5b
- Size
  
  108KB
- MD5
  
  70aa65000971a15507d18d4ab0b3e6ef
- SHA1
  
  7cd24fe30c3a160a41a96a29fdd01e21f66d94bb
- SHA256
  
  ce31e3a066cf6e9f585474d7b80f31b1f9da81c168bcdbe5cfdda1b7a71a9d5b
- SHA512
  
  f12c78cf15784b1299e8666f1b59f384c31908e35a88704341fb0e11e4083f0e376ce062a2398ca0a5ced9664cb26d85e0a835651d37cc50ed03958d70060f34
- SSDEEP
  
  1536:hz43i6EJ02LyV3kFdp+0zI1ZBjhRDmmHeIcinLJcoHQHF3i6EJ02LyV3rEx:hzLyV3kF21im+YLzLyV3I
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Account Manipulation

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Account Manipulation

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence