bff364aa72c67151be73f37a180da1ba94cf3b3b2023cf5924c2e53fd4c4500b | Triage

Sharing

General

Target

bff364aa72c67151be73f37a180da1ba94cf3b3b2023cf5924c2e53fd4c4500b
Size

917KB
Sample

221123-s3n81sch79
MD5

cc0cb143bcde7947f5ddae1e143e11e9
SHA1

01e3d934a6b61a9127a9ed6ced39d958cd961a28
SHA256

bff364aa72c67151be73f37a180da1ba94cf3b3b2023cf5924c2e53fd4c4500b
SHA512

c3d9a0bc900329aa2fb05c78abe0010a5b0567fe8bfc1b016fa8c6519015e7965c758f34bfc1bdb63f8294ff346944f040d8bd4539eadc42925e223b749e8cec
SSDEEP

24576:yYyrBDDP7agE0sftUdzxh2jm/g3at18wYxCSYRo1OJFmplxis6+0u7XVWAJigyy:7y1Tagtsftuzxh2jmo3at18E17Jsgs6q

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bff364aa72c67151be73f37a180da1ba94cf3b3b2023cf5924c2e53fd4c4500b
- Size
  
  917KB
- MD5
  
  cc0cb143bcde7947f5ddae1e143e11e9
- SHA1
  
  01e3d934a6b61a9127a9ed6ced39d958cd961a28
- SHA256
  
  bff364aa72c67151be73f37a180da1ba94cf3b3b2023cf5924c2e53fd4c4500b
- SHA512
  
  c3d9a0bc900329aa2fb05c78abe0010a5b0567fe8bfc1b016fa8c6519015e7965c758f34bfc1bdb63f8294ff346944f040d8bd4539eadc42925e223b749e8cec
- SSDEEP
  
  24576:yYyrBDDP7agE0sftUdzxh2jm/g3at18wYxCSYRo1OJFmplxis6+0u7XVWAJigyy:7y1Tagtsftuzxh2jmo3at18E17Jsgs6q
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2