351cd194caefb6447e96e2ce829d3e804e50d3422b6d16d593d738338254a25f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

351cd194caefb6447e96e2ce829d3e804e50d3422b6d16d593d738338254a25f
Size

176KB
Sample

221107-y3deeafhg4
MD5

0adc31b293bee217af1878ed64423b48
SHA1

0e9169dff616826167f17fbf175dddec8ff0bfd2
SHA256

351cd194caefb6447e96e2ce829d3e804e50d3422b6d16d593d738338254a25f
SHA512

398ab562db9a11936584c920eb9755cca378aa3d5d7c3b7732dfbf0ac30c50c1936f9a737e6848d98c90164e2484b2cc526f012b5af4eaa8165d2db81da16254
SSDEEP

1536:v05AakFmuH8d3pDfT9tdXVC8/o5cJ45cL/I5l8IxdgtoeDpveL1bEOCTui:vagmvJfdXVCkLicDIUIx6thDpKE1ui

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  351cd194caefb6447e96e2ce829d3e804e50d3422b6d16d593d738338254a25f
- Size
  
  176KB
- MD5
  
  0adc31b293bee217af1878ed64423b48
- SHA1
  
  0e9169dff616826167f17fbf175dddec8ff0bfd2
- SHA256
  
  351cd194caefb6447e96e2ce829d3e804e50d3422b6d16d593d738338254a25f
- SHA512
  
  398ab562db9a11936584c920eb9755cca378aa3d5d7c3b7732dfbf0ac30c50c1936f9a737e6848d98c90164e2484b2cc526f012b5af4eaa8165d2db81da16254
- SSDEEP
  
  1536:v05AakFmuH8d3pDfT9tdXVC8/o5cJ45cL/I5l8IxdgtoeDpveL1bEOCTui:vagmvJfdXVCkLicDIUIx6thDpKE1ui
Score

8^/10

evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence