c2966a39ee6412b97d77f7a81946669eca6fa6cdfd3a18b32d4b782934ba6681 | Triage

Sharing

General

Target

c2966a39ee6412b97d77f7a81946669eca6fa6cdfd3a18b32d4b782934ba6681
Size

86KB
Sample

221123-zl1daadb76
MD5

5046c43af1344b8a29b1fc7eed192065
SHA1

8247fcf1b6ce32103cebd83a9a22f1fcc9439cdd
SHA256

c2966a39ee6412b97d77f7a81946669eca6fa6cdfd3a18b32d4b782934ba6681
SHA512

6cbb0031e584bbf738596430df5b7f8b36be79fd0f4f571dc66860c69bc5e78358e61be5ec30129c3794e5d257f71cca4365981d5d1488ee15f1f5237882ce56
SSDEEP

1536:CuQ1SYfLV/HvJmIqP+9Ff0mrYvIm5SQJ51UdIeNyAnf:DcSMLOqFpQ5z1j4yof

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c2966a39ee6412b97d77f7a81946669eca6fa6cdfd3a18b32d4b782934ba6681
- Size
  
  86KB
- MD5
  
  5046c43af1344b8a29b1fc7eed192065
- SHA1
  
  8247fcf1b6ce32103cebd83a9a22f1fcc9439cdd
- SHA256
  
  c2966a39ee6412b97d77f7a81946669eca6fa6cdfd3a18b32d4b782934ba6681
- SHA512
  
  6cbb0031e584bbf738596430df5b7f8b36be79fd0f4f571dc66860c69bc5e78358e61be5ec30129c3794e5d257f71cca4365981d5d1488ee15f1f5237882ce56
- SSDEEP
  
  1536:CuQ1SYfLV/HvJmIqP+9Ff0mrYvIm5SQJ51UdIeNyAnf:DcSMLOqFpQ5z1j4yof
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence