Overview

overview

10

Static

static

a43b347276...58.exe

windows7-x64

10

a43b347276...58.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a43b347276b36ddc850374ffab37989f9b6564c0b9c672296107245f8c6c1b58

  • Size

    213KB

  • Sample

    221123-lwhpbscd73

  • MD5

    928452174f5067a712cc36846701686a

  • SHA1

    f80242df914a1c5594d46eda37dbffdedfb27aca

  • SHA256

    a43b347276b36ddc850374ffab37989f9b6564c0b9c672296107245f8c6c1b58

  • SHA512

    dba10ca48fb1c49794cd6fd5c8f403583ec71fbf3a677307a4e4ab256cc4992e5317951cd3c082b86dbd135fbd5ed016af0a0b9bf8be7e7cfeaa3829da88d6fd

  • SSDEEP

    3072:aL5inVsD8cnLLEgoAMf2SsxmwEirbPVAGO7/9Op/kRLCflPFIWpmnQR6L/mDUDeN:aL5YaLYdiDZegoCflPmnQ8mDN

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      a43b347276b36ddc850374ffab37989f9b6564c0b9c672296107245f8c6c1b58

    • Size

      213KB

    • MD5

      928452174f5067a712cc36846701686a

    • SHA1

      f80242df914a1c5594d46eda37dbffdedfb27aca

    • SHA256

      a43b347276b36ddc850374ffab37989f9b6564c0b9c672296107245f8c6c1b58

    • SHA512

      dba10ca48fb1c49794cd6fd5c8f403583ec71fbf3a677307a4e4ab256cc4992e5317951cd3c082b86dbd135fbd5ed016af0a0b9bf8be7e7cfeaa3829da88d6fd

    • SSDEEP

      3072:aL5inVsD8cnLLEgoAMf2SsxmwEirbPVAGO7/9Op/kRLCflPFIWpmnQR6L/mDUDeN:aL5YaLYdiDZegoCflPmnQ8mDN

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks