ad955fdc7425dc1f94f780accb5f795ca61170640235a42e460479a7106cf7c4 | Triage

Sharing

General

Target

ad955fdc7425dc1f94f780accb5f795ca61170640235a42e460479a7106cf7c4
Size

248KB
Sample

221123-t89btagc85
MD5

453e81cf8fd30e22f5d73ba21f73e21c
SHA1

677d1dad9d914aeefa23d4f0e95d1cb611faa8b2
SHA256

ad955fdc7425dc1f94f780accb5f795ca61170640235a42e460479a7106cf7c4
SHA512

6526e87ae9315280eb2945e2fd97c771f047d76781508911221cf4cec767ff2d5009a2a878e4c8b8c4d8be72e7168f4cf2ade96ca6ee1f5c57ddc7c576db43dd
SSDEEP

6144:w6SEglcg8sX+yFtrqRvV+bslcyn97fG6F4+ECgVuc:JSrlzEyFlqRtUyn9blCYgV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ad955fdc7425dc1f94f780accb5f795ca61170640235a42e460479a7106cf7c4
- Size
  
  248KB
- MD5
  
  453e81cf8fd30e22f5d73ba21f73e21c
- SHA1
  
  677d1dad9d914aeefa23d4f0e95d1cb611faa8b2
- SHA256
  
  ad955fdc7425dc1f94f780accb5f795ca61170640235a42e460479a7106cf7c4
- SHA512
  
  6526e87ae9315280eb2945e2fd97c771f047d76781508911221cf4cec767ff2d5009a2a878e4c8b8c4d8be72e7168f4cf2ade96ca6ee1f5c57ddc7c576db43dd
- SSDEEP
  
  6144:w6SEglcg8sX+yFtrqRvV+bslcyn97fG6F4+ECgVuc:JSrlzEyFlqRtUyn9blCYgV
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence