Overview

overview

8

Static

static

337b7a0119...d1.exe

windows7-x64

8

337b7a0119...d1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1

  • Size

    226KB

  • Sample

    221124-cpd8wsba63

  • MD5

    cb3d410e74c8ed0c8ac007a5747b678a

  • SHA1

    601294ff8a25d831296730de135ce2fe588736ba

  • SHA256

    337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1

  • SHA512

    1c11c657819134d9fa97e3ed387c9b74c9ed42be8d9e67d9f45ef43b988df6fee82cee076945f23e6604f20d93d2fa3b7dc296459b0f96e42523be5c7988bf2e

  • SSDEEP

    6144:JYa2oQoC72vdWAMNZxOdxey8KODF8IvXgV3nhm:JYWRC7EdWAMzQbg8d

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1

    • Size

      226KB

    • MD5

      cb3d410e74c8ed0c8ac007a5747b678a

    • SHA1

      601294ff8a25d831296730de135ce2fe588736ba

    • SHA256

      337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1

    • SHA512

      1c11c657819134d9fa97e3ed387c9b74c9ed42be8d9e67d9f45ef43b988df6fee82cee076945f23e6604f20d93d2fa3b7dc296459b0f96e42523be5c7988bf2e

    • SSDEEP

      6144:JYa2oQoC72vdWAMNZxOdxey8KODF8IvXgV3nhm:JYWRC7EdWAMzQbg8d

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks