8c150909fa61c76f9a3ecb90934425f1b5c14c40805c535e627f0c315ec8e00c | Triage

Sharing

General

Target

8c150909fa61c76f9a3ecb90934425f1b5c14c40805c535e627f0c315ec8e00c
Size

878KB
Sample

221124-2fewhage4s
MD5

474144535ccb04b454b19991e2e3f539
SHA1

99cfa6fb38e203c41f36ba36ee71e941025a4f10
SHA256

8c150909fa61c76f9a3ecb90934425f1b5c14c40805c535e627f0c315ec8e00c
SHA512

9848c753d4d9a4b09cbf94e45d1358362dec8b504cadac5885038b4d467b37ec860378348525250c8cab9d3f03e917aae242b7c45f7324c07d41294bc1e6aec2
SSDEEP

12288:NB1xhXJxtxC5E5oPmGUgzO6xWVbVyaRG1V8VFDt:NnzvTC5D+GIbVnRGYD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8c150909fa61c76f9a3ecb90934425f1b5c14c40805c535e627f0c315ec8e00c
- Size
  
  878KB
- MD5
  
  474144535ccb04b454b19991e2e3f539
- SHA1
  
  99cfa6fb38e203c41f36ba36ee71e941025a4f10
- SHA256
  
  8c150909fa61c76f9a3ecb90934425f1b5c14c40805c535e627f0c315ec8e00c
- SHA512
  
  9848c753d4d9a4b09cbf94e45d1358362dec8b504cadac5885038b4d467b37ec860378348525250c8cab9d3f03e917aae242b7c45f7324c07d41294bc1e6aec2
- SSDEEP
  
  12288:NB1xhXJxtxC5E5oPmGUgzO6xWVbVyaRG1V8VFDt:NnzvTC5D+GIbVnRGYD
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence