91c11d26188e5a5b73bb5ca07ac2541a9fd177862e7041017e1a2314ce2f52b0 | Triage

Sharing

General

Target

91c11d26188e5a5b73bb5ca07ac2541a9fd177862e7041017e1a2314ce2f52b0
Size

77KB
Sample

221124-144dbsce72
MD5

3462fc56c22abe31f355e1f3c5bd295e
SHA1

7fb9965ebdea385f492a5c6fc97e2850c10067ad
SHA256

91c11d26188e5a5b73bb5ca07ac2541a9fd177862e7041017e1a2314ce2f52b0
SHA512

61442190a8f361cb44e3e96dbccefd478d832daf1709a61931abaf459987d680c6d88a9227581553dc51590c211f75369a63002e6a1cfe491c4ca7c20fa87b46
SSDEEP

1536:RjJFiSGOr8G49QsIl1azj+wisAHYyrCzDeEmPxbPBUo1+byjnRJ/yO:Rj76Or8G4Klkj+wisAH//PBUofL6O

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  91c11d26188e5a5b73bb5ca07ac2541a9fd177862e7041017e1a2314ce2f52b0
- Size
  
  77KB
- MD5
  
  3462fc56c22abe31f355e1f3c5bd295e
- SHA1
  
  7fb9965ebdea385f492a5c6fc97e2850c10067ad
- SHA256
  
  91c11d26188e5a5b73bb5ca07ac2541a9fd177862e7041017e1a2314ce2f52b0
- SHA512
  
  61442190a8f361cb44e3e96dbccefd478d832daf1709a61931abaf459987d680c6d88a9227581553dc51590c211f75369a63002e6a1cfe491c4ca7c20fa87b46
- SSDEEP
  
  1536:RjJFiSGOr8G49QsIl1azj+wisAHYyrCzDeEmPxbPBUo1+byjnRJ/yO:Rj76Or8G4Klkj+wisAH//PBUofL6O
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2