General

  • Target

    1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b

  • Size

    287KB

  • Sample

    221127-t3btcsbh74

  • MD5

    6a2e1a13df1b55f218fb38d77521baf2

  • SHA1

    9cf209e7bef6dcb71cd6912ea0846a7aad3a77cc

  • SHA256

    1faa29d93e78faf53e5c2116a38ae4ccbef5b3bf19ec7218ef0661c09a84606b

  • SHA512

    48014488a8dbcd3404d75d8b6460e16b5215f7d4f867b87084cf24f41d14a1e5d42c376f2ddb1fe6b3d25be7d751280c57070932447bea9f35940cfe861628a8

  • SSDEEP

    6144:zgVmfgie8wjcmdbZ1MTKq72DDC3C5b/ew3ur1y+a:z5gP8wjzRsvPmWnr1y1

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies firewall policy service
    • Executes dropped EXE
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                            Count  ID
Persistence       Modify Existing Service              1      T1031
Persistence       Registry Run Keys / Startup Folder   1      T1060
Defense Evasion   Modify Registry                      2      T1112

Tasks