b611fd2cf73536c561b02daa5ea65706a60d2cb56fda1036cb4204a528d0667e | Triage

Sharing

General

Target

b611fd2cf73536c561b02daa5ea65706a60d2cb56fda1036cb4204a528d0667e
Size

226KB
Sample

221124-aljm4aeg29
MD5

27903fc4f8eaeaef6865eb5d4a19f6d0
SHA1

3c9694f0ba93d827be6fcce3d06f5474d43565d5
SHA256

b611fd2cf73536c561b02daa5ea65706a60d2cb56fda1036cb4204a528d0667e
SHA512

a68c6c51ac92135619ad4b96217bf8f2fd1a87777503b7eb8cf7ecf0d6b169cf933f8f15dd62344769db40d963e84aab4716b91fd388f247a66cad8e9d7786ba
SSDEEP

1536:55e4TnczSLbEoLdc83zqRK7MVmN7/yLM3a0SC+tSTOCaRs+ZmsvjkFKO2jL6w0Dw:5QMRImkK713S/SgJr5B7EoJfbilkqop

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b611fd2cf73536c561b02daa5ea65706a60d2cb56fda1036cb4204a528d0667e
- Size
  
  226KB
- MD5
  
  27903fc4f8eaeaef6865eb5d4a19f6d0
- SHA1
  
  3c9694f0ba93d827be6fcce3d06f5474d43565d5
- SHA256
  
  b611fd2cf73536c561b02daa5ea65706a60d2cb56fda1036cb4204a528d0667e
- SHA512
  
  a68c6c51ac92135619ad4b96217bf8f2fd1a87777503b7eb8cf7ecf0d6b169cf933f8f15dd62344769db40d963e84aab4716b91fd388f247a66cad8e9d7786ba
- SSDEEP
  
  1536:55e4TnczSLbEoLdc83zqRK7MVmN7/yLM3a0SC+tSTOCaRs+ZmsvjkFKO2jL6w0Dw:5QMRImkK713S/SgJr5B7EoJfbilkqop
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2