116a80b9656d3f0e17d63cd0b0c8c846ae11eed78ba84b4fddba95ea5d6f13e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BadwareFreeValo.exe
Size

6.6MB
Sample

221104-t8talaahbm
MD5

ada216b77ddd4e5348a3b141e0134693
SHA1

10425d5f97105124ab33a4997371b141cb09b9ef
SHA256

116a80b9656d3f0e17d63cd0b0c8c846ae11eed78ba84b4fddba95ea5d6f13e4
SHA512

4529e0d8f684020edbce9f056b8349207abf4b49cf94475ab21b73bfb4ae16c7046b36e3be289a08e825fb33145d7ab5612c492ad1e279d550c0a133a62b1a1b
SSDEEP

98304:3dOKCra5ySTQQpENgTHIhXJKqm0UAiAO2g0XoBY7iVZ1KUsEhXFvaqup0JKbplGF:30KCu5IQpHUnRO2BaYM1KfqVSquz4k

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  BadwareFreeValo.exe
- Size
  
  6.6MB
- MD5
  
  ada216b77ddd4e5348a3b141e0134693
- SHA1
  
  10425d5f97105124ab33a4997371b141cb09b9ef
- SHA256
  
  116a80b9656d3f0e17d63cd0b0c8c846ae11eed78ba84b4fddba95ea5d6f13e4
- SHA512
  
  4529e0d8f684020edbce9f056b8349207abf4b49cf94475ab21b73bfb4ae16c7046b36e3be289a08e825fb33145d7ab5612c492ad1e279d550c0a133a62b1a1b
- SSDEEP
  
  98304:3dOKCra5ySTQQpENgTHIhXJKqm0UAiAO2g0XoBY7iVZ1KUsEhXFvaqup0JKbplGF:30KCu5IQpHUnRO2BaYM1KfqVSquz4k
Score

8^/10

evasion persistence
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

evasionpersistence