e1aab275f72aa745d1774122f851ce323963c577b93836e7f6c6005f032d0547 | Triage

Sharing

General

Target

e1aab275f72aa745d1774122f851ce323963c577b93836e7f6c6005f032d0547
Size

135KB
Sample

221124-atx6fsae7z
MD5

5337e1c2054a4a758195237a527e29b1
SHA1

8d5b32d796d495c82ba0fb96c00606f881e26d41
SHA256

e1aab275f72aa745d1774122f851ce323963c577b93836e7f6c6005f032d0547
SHA512

0b9f95ee9a55dc0d01b86f8ece389d342c7e89a1393adcba0706ca877b025a3883d80285f8091add00e06217799fc4a3aecd30181d5ab52bceb21724468538f6
SSDEEP

3072:YtTUp6Z9UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHi:aTU6ZMoIDbByGPMsMP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e1aab275f72aa745d1774122f851ce323963c577b93836e7f6c6005f032d0547
- Size
  
  135KB
- MD5
  
  5337e1c2054a4a758195237a527e29b1
- SHA1
  
  8d5b32d796d495c82ba0fb96c00606f881e26d41
- SHA256
  
  e1aab275f72aa745d1774122f851ce323963c577b93836e7f6c6005f032d0547
- SHA512
  
  0b9f95ee9a55dc0d01b86f8ece389d342c7e89a1393adcba0706ca877b025a3883d80285f8091add00e06217799fc4a3aecd30181d5ab52bceb21724468538f6
- SSDEEP
  
  3072:YtTUp6Z9UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHi:aTU6ZMoIDbByGPMsMP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2