337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1 | Triage

Sharing

General

Target

337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1
Size

226KB
Sample

221124-cpd8wsba63
MD5

cb3d410e74c8ed0c8ac007a5747b678a
SHA1

601294ff8a25d831296730de135ce2fe588736ba
SHA256

337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1
SHA512

1c11c657819134d9fa97e3ed387c9b74c9ed42be8d9e67d9f45ef43b988df6fee82cee076945f23e6604f20d93d2fa3b7dc296459b0f96e42523be5c7988bf2e
SSDEEP

6144:JYa2oQoC72vdWAMNZxOdxey8KODF8IvXgV3nhm:JYWRC7EdWAMzQbg8d

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1
- Size
  
  226KB
- MD5
  
  cb3d410e74c8ed0c8ac007a5747b678a
- SHA1
  
  601294ff8a25d831296730de135ce2fe588736ba
- SHA256
  
  337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1
- SHA512
  
  1c11c657819134d9fa97e3ed387c9b74c9ed42be8d9e67d9f45ef43b988df6fee82cee076945f23e6604f20d93d2fa3b7dc296459b0f96e42523be5c7988bf2e
- SSDEEP
  
  6144:JYa2oQoC72vdWAMNZxOdxey8KODF8IvXgV3nhm:JYWRC7EdWAMzQbg8d
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence