292621efec52a47186c1bc44b749c6fd84bc917ab5bd240b1dfb8f05410f63d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

292621efec52a47186c1bc44b749c6fd84bc917ab5bd240b1dfb8f05410f63d4
Size

594KB
Sample

221107-gcl57adbhq
MD5

0f22a4b2617553d658c496cc0e995516
SHA1

2ba04f1cc4a871c93855597130d3d8ac63f5e0e3
SHA256

292621efec52a47186c1bc44b749c6fd84bc917ab5bd240b1dfb8f05410f63d4
SHA512

fb55a065655f97994fcea633aefc9f8e1adaf6df9406c22e381c3996de966d79939721097c248ecd48df436cdf7c842fa5224e18f8938a80d322487584c15d3d
SSDEEP

12288:nr9s6lDwqNCF3xqz1Ga8Vo/Hw8ezPUSlbP6oZ1p8fn:rTdNCF3Uz1GK/IzMSUoPS

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  292621efec52a47186c1bc44b749c6fd84bc917ab5bd240b1dfb8f05410f63d4
- Size
  
  594KB
- MD5
  
  0f22a4b2617553d658c496cc0e995516
- SHA1
  
  2ba04f1cc4a871c93855597130d3d8ac63f5e0e3
- SHA256
  
  292621efec52a47186c1bc44b749c6fd84bc917ab5bd240b1dfb8f05410f63d4
- SHA512
  
  fb55a065655f97994fcea633aefc9f8e1adaf6df9406c22e381c3996de966d79939721097c248ecd48df436cdf7c842fa5224e18f8938a80d322487584c15d3d
- SSDEEP
  
  12288:nr9s6lDwqNCF3xqz1Ga8Vo/Hw8ezPUSlbP6oZ1p8fn:rTdNCF3Uz1GK/IzMSUoPS
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence