3ac9e67360ec258e374581b9e60d3e82f59b29fcefc58edf8877f14f996416ae | Triage

Sharing

General

Target

3ac9e67360ec258e374581b9e60d3e82f59b29fcefc58edf8877f14f996416ae
Size

932KB
Sample

221030-fydv9sdec9
MD5

9390a7a07408c32c5996f5ed706c2fb8
SHA1

0e234904d75e4d432199426bbc812bb55253a540
SHA256

3ac9e67360ec258e374581b9e60d3e82f59b29fcefc58edf8877f14f996416ae
SHA512

9b509242a6ea2a00ac8b8462bb0fc1862e75be805651674ad1be09d6b38a3cf4f486246be10034936c2cc69ff8f7b7e28decdeafc4c819fbdd5b92cd58f21ec3
SSDEEP

3072:yvxRc7U/tY6nCyILZ7TNlPgYGIqMWWAo2U8uCGGmj/h8RwmoCGOs7hem7TDXL7iX:yyPfMNRPlM0Q1hU

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3ac9e67360ec258e374581b9e60d3e82f59b29fcefc58edf8877f14f996416ae
- Size
  
  932KB
- MD5
  
  9390a7a07408c32c5996f5ed706c2fb8
- SHA1
  
  0e234904d75e4d432199426bbc812bb55253a540
- SHA256
  
  3ac9e67360ec258e374581b9e60d3e82f59b29fcefc58edf8877f14f996416ae
- SHA512
  
  9b509242a6ea2a00ac8b8462bb0fc1862e75be805651674ad1be09d6b38a3cf4f486246be10034936c2cc69ff8f7b7e28decdeafc4c819fbdd5b92cd58f21ec3
- SSDEEP
  
  3072:yvxRc7U/tY6nCyILZ7TNlPgYGIqMWWAo2U8uCGGmj/h8RwmoCGOs7hem7TDXL7iX:yyPfMNRPlM0Q1hU
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence