85f1535b8b3a521ef680aa4f27689f9afe73c06c7867c60c1dc69265333cfebc | Triage

Sharing

General

Target

85f1535b8b3a521ef680aa4f27689f9afe73c06c7867c60c1dc69265333cfebc
Size

528KB
Sample

221011-h6hkjacaer
MD5

638fd063b3bab8511a87841c11f9d06b
SHA1

80f114938951de22fc7bf32d3fa3fdc461a0659b
SHA256

85f1535b8b3a521ef680aa4f27689f9afe73c06c7867c60c1dc69265333cfebc
SHA512

f60075233c7b1db47ee7ff2a936e48258f5206f66211290aa6b40319994e34809a0be505b8d1ab7b57115d3d6726e5b72264696e667f3d8c9bd1e5b9ba2796b8
SSDEEP

12288:O1T9O/qYv8/iWlq0bZBZsI+oG1KsFXyeIeoUj:Ak0bNs9FtyeI+j

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  85f1535b8b3a521ef680aa4f27689f9afe73c06c7867c60c1dc69265333cfebc
- Size
  
  528KB
- MD5
  
  638fd063b3bab8511a87841c11f9d06b
- SHA1
  
  80f114938951de22fc7bf32d3fa3fdc461a0659b
- SHA256
  
  85f1535b8b3a521ef680aa4f27689f9afe73c06c7867c60c1dc69265333cfebc
- SHA512
  
  f60075233c7b1db47ee7ff2a936e48258f5206f66211290aa6b40319994e34809a0be505b8d1ab7b57115d3d6726e5b72264696e667f3d8c9bd1e5b9ba2796b8
- SSDEEP
  
  12288:O1T9O/qYv8/iWlq0bZBZsI+oG1KsFXyeIeoUj:Ak0bNs9FtyeI+j
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence