6254b5b2a78652569e2f1827d86e9acca51bf6a0a206c539984bab4e86d071fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6254b5b2a78652569e2f1827d86e9acca51bf6a0a206c539984bab4e86d071fb
Size

209KB
Sample

221106-kmyhraccf6
MD5

135285499476889b341cbcaf9e480ad6
SHA1

533b02697dd9786e2122967ca781cb17d5a0137e
SHA256

6254b5b2a78652569e2f1827d86e9acca51bf6a0a206c539984bab4e86d071fb
SHA512

7006e8749164306a3785e10818a2f35cd75e03a9e5342f02ac725b4e00d626e93e8b4a729ac6f9870ede1f31c6d0d7c793b338278e25d52b74abc798057863d5
SSDEEP

3072:PQMCcEgPQdzhqE8TMs+NmUTyEKHmJa+O6eP0ccTBK6A5zkS2jbxWGq:PQMCc/oxITElTEHP4e8n1wkSbGq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6254b5b2a78652569e2f1827d86e9acca51bf6a0a206c539984bab4e86d071fb
- Size
  
  209KB
- MD5
  
  135285499476889b341cbcaf9e480ad6
- SHA1
  
  533b02697dd9786e2122967ca781cb17d5a0137e
- SHA256
  
  6254b5b2a78652569e2f1827d86e9acca51bf6a0a206c539984bab4e86d071fb
- SHA512
  
  7006e8749164306a3785e10818a2f35cd75e03a9e5342f02ac725b4e00d626e93e8b4a729ac6f9870ede1f31c6d0d7c793b338278e25d52b74abc798057863d5
- SSDEEP
  
  3072:PQMCcEgPQdzhqE8TMs+NmUTyEKHmJa+O6eP0ccTBK6A5zkS2jbxWGq:PQMCc/oxITElTEHP4e8n1wkSbGq
Score

10^/10

evasion persistence
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2