d28cc5d69767c04ffb06efe0af6746026503da98bc95cb4edb985c04b519a743 | Triage

Sharing

General

Target

d28cc5d69767c04ffb06efe0af6746026503da98bc95cb4edb985c04b519a743
Size

38KB
Sample

221127-r99b4afa46
MD5

4bd885881d01707525682849d8d3b62a
SHA1

812a00d8d4469a441935386a2a7b8a6435751423
SHA256

d28cc5d69767c04ffb06efe0af6746026503da98bc95cb4edb985c04b519a743
SHA512

8e4480402b0837dcab901757abd567472e9873b082370e6dca857d6f319a46fc3e70bb1db4318af71fe07e5fd181ab641ef1eae2359cb79ccc33e5d1d3b00b3f
SSDEEP

768:nfhp3FrxUrYONNSkCZBRmtWkU3FHjswGsIXASo8DqwU:nfdoY7ZBoWkU3FHjAsJSK

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  d28cc5d69767c04ffb06efe0af6746026503da98bc95cb4edb985c04b519a743
- Size
  
  38KB
- MD5
  
  4bd885881d01707525682849d8d3b62a
- SHA1
  
  812a00d8d4469a441935386a2a7b8a6435751423
- SHA256
  
  d28cc5d69767c04ffb06efe0af6746026503da98bc95cb4edb985c04b519a743
- SHA512
  
  8e4480402b0837dcab901757abd567472e9873b082370e6dca857d6f319a46fc3e70bb1db4318af71fe07e5fd181ab641ef1eae2359cb79ccc33e5d1d3b00b3f
- SSDEEP
  
  768:nfhp3FrxUrYONNSkCZBRmtWkU3FHjswGsIXASo8DqwU:nfdoY7ZBoWkU3FHjAsJSK
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence