de8ad671a1f9b32716217f770433b3051cfcd5e9c876765603083561a4deb45e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de8ad671a1f9b32716217f770433b3051cfcd5e9c876765603083561a4deb45e
Size

520KB
Sample

221127-mranlaah62
MD5

3e1e25cfecd5893488ef1759f334753e
SHA1

0146b670d3b4438142d9de9e0f92cf073268539a
SHA256

de8ad671a1f9b32716217f770433b3051cfcd5e9c876765603083561a4deb45e
SHA512

9e06eb4fba473d2f2d786901859f8c21c042ac64d81304b96ae1ef19e87ae9ed22f5fe231db997c68c342112f3b08921b2b8fb4ec4f6b0e8cab542071411fab5
SSDEEP

12288:yNthAshTdR3p6URwzWKbHRXpC6Sxp88osrpGEDd9EUEM:yPmshz35SaKlpFSx+8xt1B

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  de8ad671a1f9b32716217f770433b3051cfcd5e9c876765603083561a4deb45e
- Size
  
  520KB
- MD5
  
  3e1e25cfecd5893488ef1759f334753e
- SHA1
  
  0146b670d3b4438142d9de9e0f92cf073268539a
- SHA256
  
  de8ad671a1f9b32716217f770433b3051cfcd5e9c876765603083561a4deb45e
- SHA512
  
  9e06eb4fba473d2f2d786901859f8c21c042ac64d81304b96ae1ef19e87ae9ed22f5fe231db997c68c342112f3b08921b2b8fb4ec4f6b0e8cab542071411fab5
- SSDEEP
  
  12288:yNthAshTdR3p6URwzWKbHRXpC6Sxp88osrpGEDd9EUEM:yPmshz35SaKlpFSx+8xt1B
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2