448bfbdf276dffcce3d993554a14873ef27df2f53d590090e22f6b878e98baab | Triage

Sharing

General

Target

448bfbdf276dffcce3d993554a14873ef27df2f53d590090e22f6b878e98baab
Size

385KB
Sample

221127-ctbnkagb41
MD5

ba1703dffcc9ab27f2ce70e0f52b617e
SHA1

0ff1a187f57e3fa6fe38d660529d9d0d3c1fd0e3
SHA256

448bfbdf276dffcce3d993554a14873ef27df2f53d590090e22f6b878e98baab
SHA512

523ac850216b2af6b5c764c0a2b9c704e970cfffc7fee0a4f8abef7698a7c2459f187739decca6bd1b2dd2fccf41b78fc0268cecbe333a4594f7a7dc7643d2ee
SSDEEP

6144:1Njs5UHBv5I0YL2jhiCKitsUFK8dHdpF8tAA0Ti33R0:10+YL8DnHMqHF8tAAQinR0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  448bfbdf276dffcce3d993554a14873ef27df2f53d590090e22f6b878e98baab
- Size
  
  385KB
- MD5
  
  ba1703dffcc9ab27f2ce70e0f52b617e
- SHA1
  
  0ff1a187f57e3fa6fe38d660529d9d0d3c1fd0e3
- SHA256
  
  448bfbdf276dffcce3d993554a14873ef27df2f53d590090e22f6b878e98baab
- SHA512
  
  523ac850216b2af6b5c764c0a2b9c704e970cfffc7fee0a4f8abef7698a7c2459f187739decca6bd1b2dd2fccf41b78fc0268cecbe333a4594f7a7dc7643d2ee
- SSDEEP
  
  6144:1Njs5UHBv5I0YL2jhiCKitsUFK8dHdpF8tAA0Ti33R0:10+YL8DnHMqHF8tAAQinR0
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence