1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b | Triage

Sharing

General

Target

1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b
Size

287KB
Sample

221127-t3btcsbh74
MD5

6a2e1a13df1b55f218fb38d77521baf2
SHA1

9cf209e7bef6dcb71cd6912ea0846a7aad3a77cc
SHA256

1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b
SHA512

48014488a8dbcd3404d75d8b6460e16b5215f7d4f867b87084cf24f41d14a1e5d42c376f2ddb1fe6b3d25be7d751280c57070932447bea9f35940cfe861628a8
SSDEEP

6144:zgVmfgie8wjcmdbZ1MTKq72DDC3C5b/ew3ur1y+a:z5gP8wjzRsvPmWnr1y1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b
- Size
  
  287KB
- MD5
  
  6a2e1a13df1b55f218fb38d77521baf2
- SHA1
  
  9cf209e7bef6dcb71cd6912ea0846a7aad3a77cc
- SHA256
  
  1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b
- SHA512
  
  48014488a8dbcd3404d75d8b6460e16b5215f7d4f867b87084cf24f41d14a1e5d42c376f2ddb1fe6b3d25be7d751280c57070932447bea9f35940cfe861628a8
- SSDEEP
  
  6144:zgVmfgie8wjcmdbZ1MTKq72DDC3C5b/ew3ur1y+a:z5gP8wjzRsvPmWnr1y1
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2