ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2 | Triage

Sharing

General

Target

ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2
Size

305KB
Sample

221123-szsr2acf59
MD5

380628f35467056cd5eedeef3188f01e
SHA1

bd6cfdc7949228f8fe2ad532521f159a526a123f
SHA256

ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2
SHA512

129204e3dc7798e61527f3739703cece7f99606d0d66c7ef499997094e2a29d574d0fa1f44fba9a49db2781ab5e6891d0ee5cc8cd97eaeaf815dd9c57a2d2ebf
SSDEEP

3072:EfjboxnOCPJTY3M+iduU0Git18SFTyCMZqyFyyubKW/oaT0WMAgbPeDzQH+vpFTI:ss5YmfC3kzGKWz9w+QHCPGMSUwOoUa

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2
- Size
  
  305KB
- MD5
  
  380628f35467056cd5eedeef3188f01e
- SHA1
  
  bd6cfdc7949228f8fe2ad532521f159a526a123f
- SHA256
  
  ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2
- SHA512
  
  129204e3dc7798e61527f3739703cece7f99606d0d66c7ef499997094e2a29d574d0fa1f44fba9a49db2781ab5e6891d0ee5cc8cd97eaeaf815dd9c57a2d2ebf
- SSDEEP
  
  3072:EfjboxnOCPJTY3M+iduU0Git18SFTyCMZqyFyyubKW/oaT0WMAgbPeDzQH+vpFTI:ss5YmfC3kzGKWz9w+QHCPGMSUwOoUa
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2