43c15d789aab951b882d293db5505233235f83d7099d8e7469729b51d3569903 | Triage

Sharing

General

Target

43c15d789aab951b882d293db5505233235f83d7099d8e7469729b51d3569903
Size

189KB
Sample

221028-wp32ssaadm
MD5

0c06f3adab5e71787a442444fc01dfa4
SHA1

d42133d5a3a20dcff8bef9b258e26cd27ff8e8f1
SHA256

43c15d789aab951b882d293db5505233235f83d7099d8e7469729b51d3569903
SHA512

c167dd3210db76762907ae4d848f4c28b51db0b36f8b3652fa71b5d99837b78790542295036864699f4a37abc208cf6e65d60a3c13113f6f5676eb233acf8953
SSDEEP

3072:S8RhaJGIXTFWchPO9zGy6IY0pvPXK61d7q4ExsHOMLDylIwuor2hn2:/aFMchm9G2PXK6X9ExADEIa

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  43c15d789aab951b882d293db5505233235f83d7099d8e7469729b51d3569903
- Size
  
  189KB
- MD5
  
  0c06f3adab5e71787a442444fc01dfa4
- SHA1
  
  d42133d5a3a20dcff8bef9b258e26cd27ff8e8f1
- SHA256
  
  43c15d789aab951b882d293db5505233235f83d7099d8e7469729b51d3569903
- SHA512
  
  c167dd3210db76762907ae4d848f4c28b51db0b36f8b3652fa71b5d99837b78790542295036864699f4a37abc208cf6e65d60a3c13113f6f5676eb233acf8953
- SSDEEP
  
  3072:S8RhaJGIXTFWchPO9zGy6IY0pvPXK61d7q4ExsHOMLDylIwuor2hn2:/aFMchm9G2PXK6X9ExADEIa
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2