81e61437b38804c696ed37e590876bd626220f8f1756e6f29a1648d166ff399b | Triage

Sharing

General

Target

81e61437b38804c696ed37e590876bd626220f8f1756e6f29a1648d166ff399b
Size

548KB
Sample

221123-q5clwsff72
MD5

2bc0356986bda4a28e16a5b8b137cc57
SHA1

1de52df17c2dd05362e0eccf22ebff49c3b81f58
SHA256

81e61437b38804c696ed37e590876bd626220f8f1756e6f29a1648d166ff399b
SHA512

235e794cdc7617c0bfb9b17944d1eb27212609067f92851588aa034c8d5f73b13fe0abc9c6952f6b39ef0fe467aa6a48918a432b52fbc42853212d9b7f4092b4
SSDEEP

12288:PVJpPb5vKVJDD3E6EIuH7ElI0w52ZJ4UJPJJxobhU1+V:PtNKLEIuHyz114

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  81e61437b38804c696ed37e590876bd626220f8f1756e6f29a1648d166ff399b
- Size
  
  548KB
- MD5
  
  2bc0356986bda4a28e16a5b8b137cc57
- SHA1
  
  1de52df17c2dd05362e0eccf22ebff49c3b81f58
- SHA256
  
  81e61437b38804c696ed37e590876bd626220f8f1756e6f29a1648d166ff399b
- SHA512
  
  235e794cdc7617c0bfb9b17944d1eb27212609067f92851588aa034c8d5f73b13fe0abc9c6952f6b39ef0fe467aa6a48918a432b52fbc42853212d9b7f4092b4
- SSDEEP
  
  12288:PVJpPb5vKVJDD3E6EIuH7ElI0w52ZJ4UJPJJxobhU1+V:PtNKLEIuHyz114
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence