63bb19f8e9390aba5fc3d0b08f89d5ee0ba8752ee534bee0862d8a7edcb7f234 | Triage

Sharing

General

Target

63bb19f8e9390aba5fc3d0b08f89d5ee0ba8752ee534bee0862d8a7edcb7f234
Size

53KB
Sample

221029-nmt24seab9
MD5

523353b1f76a793f0feb72e621e0d4a6
SHA1

0c39c8e49b9a3cd627e580ae81eea2dc89e85b06
SHA256

63bb19f8e9390aba5fc3d0b08f89d5ee0ba8752ee534bee0862d8a7edcb7f234
SHA512

ee727530e79356e7393a6ae1f74512c9cd7a0c3e555b4c5d4e26f4f0a87dec6503b95d74289db31742df73f8eac57ae78e41b8e53a50b70101040eced83d976c
SSDEEP

768:x9wGPjwcaF1IaeeTlBHS3L5CH8pWJtNxkG2M93iOldGy1DJ15WJ77gDldqIU73oR:xJkcVqq75ChJ/iVM9SOldGyh7k8TE3y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  63bb19f8e9390aba5fc3d0b08f89d5ee0ba8752ee534bee0862d8a7edcb7f234
- Size
  
  53KB
- MD5
  
  523353b1f76a793f0feb72e621e0d4a6
- SHA1
  
  0c39c8e49b9a3cd627e580ae81eea2dc89e85b06
- SHA256
  
  63bb19f8e9390aba5fc3d0b08f89d5ee0ba8752ee534bee0862d8a7edcb7f234
- SHA512
  
  ee727530e79356e7393a6ae1f74512c9cd7a0c3e555b4c5d4e26f4f0a87dec6503b95d74289db31742df73f8eac57ae78e41b8e53a50b70101040eced83d976c
- SSDEEP
  
  768:x9wGPjwcaF1IaeeTlBHS3L5CH8pWJtNxkG2M93iOldGy1DJ15WJ77gDldqIU73oR:xJkcVqq75ChJ/iVM9SOldGyh7k8TE3y
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2