cbfa8f50b7f39eb6e5f2c3b47dd218338702d69c320305d532865306889cbec5 | Triage

Sharing

General

Target

cbfa8f50b7f39eb6e5f2c3b47dd218338702d69c320305d532865306889cbec5
Size

108KB
Sample

221019-s8mx5sedd8
MD5

a10a4bab1fd1f3576745ae0e89be5590
SHA1

55c27e117071b5ce89687bfd3769df308ec30a39
SHA256

cbfa8f50b7f39eb6e5f2c3b47dd218338702d69c320305d532865306889cbec5
SHA512

b3d05c27b831e1d9520eb7ccfbfe395f54b080ea445b1a4dc79152432a7f037ad68d99a6ff34e1868208ff3850d2863ad8005ed814f291eb23b63ce34ce88d70
SSDEEP

3072:3pJdnIvGLqC4xxiu6yCGmCyGyatgg5qJqY4oNB7YIKoMmC23ekcIG5GxNtWPTdF1:cGxNtWPTdFUia25vAEZQ6YYrQ/wm

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cbfa8f50b7f39eb6e5f2c3b47dd218338702d69c320305d532865306889cbec5
- Size
  
  108KB
- MD5
  
  a10a4bab1fd1f3576745ae0e89be5590
- SHA1
  
  55c27e117071b5ce89687bfd3769df308ec30a39
- SHA256
  
  cbfa8f50b7f39eb6e5f2c3b47dd218338702d69c320305d532865306889cbec5
- SHA512
  
  b3d05c27b831e1d9520eb7ccfbfe395f54b080ea445b1a4dc79152432a7f037ad68d99a6ff34e1868208ff3850d2863ad8005ed814f291eb23b63ce34ce88d70
- SSDEEP
  
  3072:3pJdnIvGLqC4xxiu6yCGmCyGyatgg5qJqY4oNB7YIKoMmC23ekcIG5GxNtWPTdF1:cGxNtWPTdFUia25vAEZQ6YYrQ/wm
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence