22263fcaf8f353da2f9c444047f5571fa86a0d01b492ebff0a9958d3d82e936e | Triage

Sharing

General

Target

22263fcaf8f353da2f9c444047f5571fa86a0d01b492ebff0a9958d3d82e936e
Size

158KB
Sample

221127-t2e5dsbh35
MD5

0f5787843f85e57c234f9a8eea3b5d17
SHA1

05d9981fd75129980ac61d67ef9f94c62d001f48
SHA256

22263fcaf8f353da2f9c444047f5571fa86a0d01b492ebff0a9958d3d82e936e
SHA512

127fc1cbfe82e6d56971eab0b8c9bccfe7558849eb1e58b9c0e52e371d4ef20ce51b303ba968bdb750dc4e8a36cc1f4e6f7bfe601f58a785f2f139b6f71c7040
SSDEEP

3072:zLXk0tzeGD5/plkS1KXkqYqw3/NaSMuNbZdd0CLYA/qvbROp/:00tz3DSaKOqs13M+ZdtLYA6i

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  22263fcaf8f353da2f9c444047f5571fa86a0d01b492ebff0a9958d3d82e936e
- Size
  
  158KB
- MD5
  
  0f5787843f85e57c234f9a8eea3b5d17
- SHA1
  
  05d9981fd75129980ac61d67ef9f94c62d001f48
- SHA256
  
  22263fcaf8f353da2f9c444047f5571fa86a0d01b492ebff0a9958d3d82e936e
- SHA512
  
  127fc1cbfe82e6d56971eab0b8c9bccfe7558849eb1e58b9c0e52e371d4ef20ce51b303ba968bdb750dc4e8a36cc1f4e6f7bfe601f58a785f2f139b6f71c7040
- SSDEEP
  
  3072:zLXk0tzeGD5/plkS1KXkqYqw3/NaSMuNbZdd0CLYA/qvbROp/:00tz3DSaKOqs13M+ZdtLYA6i
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2