bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e | Triage

Submit
Reports

Overview

overview

Static

static

5

bde9a11b66...6e.exe

windows7-x64

bde9a11b66...6e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e
Size

1.0MB
Sample

221106-nxdg4scchq
MD5

05a7fe1e8063b8046a9d9e255a8a6805
SHA1

df7b37abbd44d8cd610ad83c1a91436f1e3a4cf9
SHA256

bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e
SHA512

1299c861414a0a495fd5792ef11b1c9739b473c2ff3a92681eb84fd995cec0731fe9ec834212e51b56a96e865a1374bfcaf5670abcedb1e4e85476f1a9091275
SSDEEP

12288:YpqiC/2OGAtkCP4cejSSOpRK3CGYqNbStLu:Ypo/2+ttPJHfpRK3CGYqdStLu

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e
- Size
  
  1.0MB
- MD5
  
  05a7fe1e8063b8046a9d9e255a8a6805
- SHA1
  
  df7b37abbd44d8cd610ad83c1a91436f1e3a4cf9
- SHA256
  
  bde9a11b66c877082ea2b31cd0c2d057fef5d3176407a9acc2e993de397f6b6e
- SHA512
  
  1299c861414a0a495fd5792ef11b1c9739b473c2ff3a92681eb84fd995cec0731fe9ec834212e51b56a96e865a1374bfcaf5670abcedb1e4e85476f1a9091275
- SSDEEP
  
  12288:YpqiC/2OGAtkCP4cejSSOpRK3CGYqNbStLu:Ypo/2+ttPJHfpRK3CGYqdStLu
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy