cca05751903294ebd93629d331d25bfd2706bbc07ff4ed121141855862f4658e | Triage

Sharing

General

Target

cca05751903294ebd93629d331d25bfd2706bbc07ff4ed121141855862f4658e
Size

228KB
Sample

221124-xtltradc44
MD5

0a6678f8421116ddd57ea116c104b062
SHA1

514b5eaa79e2ac1049d09ecce555a59e9ea388e1
SHA256

cca05751903294ebd93629d331d25bfd2706bbc07ff4ed121141855862f4658e
SHA512

82ff67dcd5bf7ac3b5286248ee3a0105bcaacb4d3cd6387c4bdb99877017bd46efa250d6286d802a59502a59475bbb00590173d64dccadbc592ceea151294ec2
SSDEEP

6144:MBO8MDptfN0zKcOOYHliCBQb+F/irkJbj9DvD:h8MrqKckl9eyFuubj9DvD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cca05751903294ebd93629d331d25bfd2706bbc07ff4ed121141855862f4658e
- Size
  
  228KB
- MD5
  
  0a6678f8421116ddd57ea116c104b062
- SHA1
  
  514b5eaa79e2ac1049d09ecce555a59e9ea388e1
- SHA256
  
  cca05751903294ebd93629d331d25bfd2706bbc07ff4ed121141855862f4658e
- SHA512
  
  82ff67dcd5bf7ac3b5286248ee3a0105bcaacb4d3cd6387c4bdb99877017bd46efa250d6286d802a59502a59475bbb00590173d64dccadbc592ceea151294ec2
- SSDEEP
  
  6144:MBO8MDptfN0zKcOOYHliCBQb+F/irkJbj9DvD:h8MrqKckl9eyFuubj9DvD
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2