2ac3d9f4a9e3f1df797173c0b23f675d6216278433623e5cd42f37109349acb6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ac3d9f4a9e3f1df797173c0b23f675d6216278433623e5cd42f37109349acb6
Size

173KB
Sample

221029-fabe8sbeb5
MD5

8a81d5ee862c03d0647b951a3a8e9cab
SHA1

6292550c08a81a854c4f680132a8fb1d1b83d3bd
SHA256

2ac3d9f4a9e3f1df797173c0b23f675d6216278433623e5cd42f37109349acb6
SHA512

5c45add4ae920333598aadc3eca24409ccc7be42dd784f8877f64915dff8692701b6f330c35a8ccc00eebe42b1d53e7714674cf438eba72ab0d836fce35362ba
SSDEEP

3072:RGKnHomHIEEfcOU14w2BmqUZPnAaeN9BAlxLUzCuGN/AcnUM3N8v7maUJ4:oKTHIEEfrM2zURsNDAlxAzC1CSDN8v7q

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2ac3d9f4a9e3f1df797173c0b23f675d6216278433623e5cd42f37109349acb6
- Size
  
  173KB
- MD5
  
  8a81d5ee862c03d0647b951a3a8e9cab
- SHA1
  
  6292550c08a81a854c4f680132a8fb1d1b83d3bd
- SHA256
  
  2ac3d9f4a9e3f1df797173c0b23f675d6216278433623e5cd42f37109349acb6
- SHA512
  
  5c45add4ae920333598aadc3eca24409ccc7be42dd784f8877f64915dff8692701b6f330c35a8ccc00eebe42b1d53e7714674cf438eba72ab0d836fce35362ba
- SSDEEP
  
  3072:RGKnHomHIEEfcOU14w2BmqUZPnAaeN9BAlxLUzCuGN/AcnUM3N8v7maUJ4:oKTHIEEfrM2zURsNDAlxAzC1CSDN8v7q
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence