de9576b67dca2f308dddff92b41e7013ce3c1e18407a40d257850ed494d71e71 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de9576b67dca2f308dddff92b41e7013ce3c1e18407a40d257850ed494d71e71
Size

248KB
Sample

221011-zffrpadegl
MD5

694ff85502e0cd19dae5ad7d8e03f9e0
SHA1

2ea1084b2d03518cb97686e15e538e068c1c75dc
SHA256

de9576b67dca2f308dddff92b41e7013ce3c1e18407a40d257850ed494d71e71
SHA512

a2025a63c15a14e8a3950a8cc4e188e4024f950be524330bf654bfe2d0070788d720110d0577ea26511edcd5b65ae393bd0ec3898ffa7c7c3136f5bfec09df0e
SSDEEP

6144:ta5tv0z4TYzF2p1n11AgsXA90QOEzVJu91bIUprKoxeGY4Pc8daanUrhynDVBSh5:tabszRFq1n11AHXQOEzVJu91bIUprKoc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  de9576b67dca2f308dddff92b41e7013ce3c1e18407a40d257850ed494d71e71
- Size
  
  248KB
- MD5
  
  694ff85502e0cd19dae5ad7d8e03f9e0
- SHA1
  
  2ea1084b2d03518cb97686e15e538e068c1c75dc
- SHA256
  
  de9576b67dca2f308dddff92b41e7013ce3c1e18407a40d257850ed494d71e71
- SHA512
  
  a2025a63c15a14e8a3950a8cc4e188e4024f950be524330bf654bfe2d0070788d720110d0577ea26511edcd5b65ae393bd0ec3898ffa7c7c3136f5bfec09df0e
- SSDEEP
  
  6144:ta5tv0z4TYzF2p1n11AgsXA90QOEzVJu91bIUprKoxeGY4Pc8daanUrhynDVBSh5:tabszRFq1n11AHXQOEzVJu91bIUprKoc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2