87754b380449b36cf4bee20326ce587b693d6034c9cde9dab6a68465132fbf71 | Triage

Sharing

General

Target

87754b380449b36cf4bee20326ce587b693d6034c9cde9dab6a68465132fbf71
Size

270KB
Sample

221125-jc28hsbb54
MD5

8c98321d11ba3cba413ec83137a771eb
SHA1

e46a50a88607fcd81c269654e3a66d2db209090c
SHA256

87754b380449b36cf4bee20326ce587b693d6034c9cde9dab6a68465132fbf71
SHA512

e46daf37cf10f6059075717fab4b451fc13d440201d2cd515cb774959fe667768fad036e8c67141cb2d8e18eea3a8ca425b0811e1960269bdda88e7da8139ff2
SSDEEP

3072:7InbvjRNubSRbSIYGae/Cccguu5JDB+ulFI2xIYnVs2ttoIfdegnC1kfooMSz5/2:MQisccTu5hB+B2PW2EGxP

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  87754b380449b36cf4bee20326ce587b693d6034c9cde9dab6a68465132fbf71
- Size
  
  270KB
- MD5
  
  8c98321d11ba3cba413ec83137a771eb
- SHA1
  
  e46a50a88607fcd81c269654e3a66d2db209090c
- SHA256
  
  87754b380449b36cf4bee20326ce587b693d6034c9cde9dab6a68465132fbf71
- SHA512
  
  e46daf37cf10f6059075717fab4b451fc13d440201d2cd515cb774959fe667768fad036e8c67141cb2d8e18eea3a8ca425b0811e1960269bdda88e7da8139ff2
- SSDEEP
  
  3072:7InbvjRNubSRbSIYGae/Cccguu5JDB+ulFI2xIYnVs2ttoIfdegnC1kfooMSz5/2:MQisccTu5hB+B2PW2EGxP
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2