be47d127fef40c7113a6c743724d33e54a2b74092f4ffac780f88e1586f359c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be47d127fef40c7113a6c743724d33e54a2b74092f4ffac780f88e1586f359c8
Size

184KB
Sample

221029-lyxahacccl
MD5

710de6edd8584c15241bdaf4f1ff2e4e
SHA1

daf9c4f009ad39d20beba93b2f691d3245be589b
SHA256

be47d127fef40c7113a6c743724d33e54a2b74092f4ffac780f88e1586f359c8
SHA512

ec2a0a8d87477aeb5b708a08628270e4bc4fe41a0f267eb990155cc749e9d71344d5a6190f20e1e615b4b2024c2ae48c85c491f7d332b7b271a83e7c244285ff
SSDEEP

3072:q4oC0QO4BWG8iHurzLzXdqsrXI1s08LbF2JUG9iTgt23UCIG0:qMpO4cG8GurnRqv1s00J1GcVE/G

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  be47d127fef40c7113a6c743724d33e54a2b74092f4ffac780f88e1586f359c8
- Size
  
  184KB
- MD5
  
  710de6edd8584c15241bdaf4f1ff2e4e
- SHA1
  
  daf9c4f009ad39d20beba93b2f691d3245be589b
- SHA256
  
  be47d127fef40c7113a6c743724d33e54a2b74092f4ffac780f88e1586f359c8
- SHA512
  
  ec2a0a8d87477aeb5b708a08628270e4bc4fe41a0f267eb990155cc749e9d71344d5a6190f20e1e615b4b2024c2ae48c85c491f7d332b7b271a83e7c244285ff
- SSDEEP
  
  3072:q4oC0QO4BWG8iHurzLzXdqsrXI1s08LbF2JUG9iTgt23UCIG0:qMpO4cG8GurnRqv1s00J1GcVE/G
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2