4c66676e5d4a22ca5a22524795c73b5a7a08e5c6c44af9ea32d42b5e70e6ff4d | Triage

Sharing

General

Target

4c66676e5d4a22ca5a22524795c73b5a7a08e5c6c44af9ea32d42b5e70e6ff4d
Size

584KB
Sample

221125-b9e59adb24
MD5

d9f75392863b4add7ae44e72b496a355
SHA1

16a9d918a244b7a0622ddd508417b846bc732d67
SHA256

4c66676e5d4a22ca5a22524795c73b5a7a08e5c6c44af9ea32d42b5e70e6ff4d
SHA512

00b88c9be02576e8cc4fe01a914f34a8f15c24b061e9cb587426192fe501837ad6f950c483411c98f69e88cedfd56cdfff7b7e002d00191dc81d06ed93014aba
SSDEEP

12288:Qf3V1zIQ0XoeZCMT7ar16I5/elWQ96y1uKsQk84BOj+Z:QfVKVXozM6xvJK96y1Yr

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4c66676e5d4a22ca5a22524795c73b5a7a08e5c6c44af9ea32d42b5e70e6ff4d
- Size
  
  584KB
- MD5
  
  d9f75392863b4add7ae44e72b496a355
- SHA1
  
  16a9d918a244b7a0622ddd508417b846bc732d67
- SHA256
  
  4c66676e5d4a22ca5a22524795c73b5a7a08e5c6c44af9ea32d42b5e70e6ff4d
- SHA512
  
  00b88c9be02576e8cc4fe01a914f34a8f15c24b061e9cb587426192fe501837ad6f950c483411c98f69e88cedfd56cdfff7b7e002d00191dc81d06ed93014aba
- SSDEEP
  
  12288:Qf3V1zIQ0XoeZCMT7ar16I5/elWQ96y1uKsQk84BOj+Z:QfVKVXozM6xvJK96y1Yr
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence