50aac897564ba4cd09648433a2b277608e7afd6b922a16573bae6e5461cfadc2 | Triage

Sharing

General

Target

50aac897564ba4cd09648433a2b277608e7afd6b922a16573bae6e5461cfadc2
Size

240KB
Sample

221123-rnn42aha98
MD5

3c741ff3469b5e735c74e7263ca0d70b
SHA1

138c61102ab2f96c9c8ed1418138eceb14810966
SHA256

50aac897564ba4cd09648433a2b277608e7afd6b922a16573bae6e5461cfadc2
SHA512

74ae50a66837a4de152ca7a6a1d95c8878b12fdbf75bba37444bf05e39ee9e48ab0d92305b905e6314718a25da52ce7db894b8d49df5d226f3a9b35c932203df
SSDEEP

6144:0Otgh29/wkimJj0b33rlu51p03ctGxb2222Q/Yg:0l2rimJj0bhYQ3cMC

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  50aac897564ba4cd09648433a2b277608e7afd6b922a16573bae6e5461cfadc2
- Size
  
  240KB
- MD5
  
  3c741ff3469b5e735c74e7263ca0d70b
- SHA1
  
  138c61102ab2f96c9c8ed1418138eceb14810966
- SHA256
  
  50aac897564ba4cd09648433a2b277608e7afd6b922a16573bae6e5461cfadc2
- SHA512
  
  74ae50a66837a4de152ca7a6a1d95c8878b12fdbf75bba37444bf05e39ee9e48ab0d92305b905e6314718a25da52ce7db894b8d49df5d226f3a9b35c932203df
- SSDEEP
  
  6144:0Otgh29/wkimJj0b33rlu51p03ctGxb2222Q/Yg:0l2rimJj0bhYQ3cMC
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets file execution options in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2