f3cf73766d62ddef9069a8581cd609bf067436e046c84dbef4522731d172d113 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3cf73766d62ddef9069a8581cd609bf067436e046c84dbef4522731d172d113
Size

217KB
Sample

221106-hnwz7sggh8
MD5

22c3f3283e73e9701687341ab95f024b
SHA1

44e160029984de394a09f34c1acf69971f65c80b
SHA256

f3cf73766d62ddef9069a8581cd609bf067436e046c84dbef4522731d172d113
SHA512

ffbca859a73b087d190ef63db9c65e4ece2775743e0a9b33a10d334ec9f62b5ebc895cc72c13e2d306e73455b066609cbb9a5e056313fa85e9043d2b45b31a3a
SSDEEP

6144:Kf6ImqwLiZ7sbVx2arjkMm0VfCksHO1SJUTV:KSmZ7sv2arIMm0VfCksHuh

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  f3cf73766d62ddef9069a8581cd609bf067436e046c84dbef4522731d172d113
- Size
  
  217KB
- MD5
  
  22c3f3283e73e9701687341ab95f024b
- SHA1
  
  44e160029984de394a09f34c1acf69971f65c80b
- SHA256
  
  f3cf73766d62ddef9069a8581cd609bf067436e046c84dbef4522731d172d113
- SHA512
  
  ffbca859a73b087d190ef63db9c65e4ece2775743e0a9b33a10d334ec9f62b5ebc895cc72c13e2d306e73455b066609cbb9a5e056313fa85e9043d2b45b31a3a
- SSDEEP
  
  6144:Kf6ImqwLiZ7sbVx2arjkMm0VfCksHO1SJUTV:KSmZ7sv2arIMm0VfCksHuh
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2