7eb4b2ff20637235069ef71e625a46665ffd695e35bb6716a0aaf51bd11e4071 | Triage

Sharing

General

Target

7eb4b2ff20637235069ef71e625a46665ffd695e35bb6716a0aaf51bd11e4071
Size

304KB
Sample

221128-ck4mzsca2z
MD5

10b9f58bc5186e251dd106b9a967dbf6
SHA1

c091c0eaccd0a770b8df622cb3faf5b189e5fdcf
SHA256

7eb4b2ff20637235069ef71e625a46665ffd695e35bb6716a0aaf51bd11e4071
SHA512

21c9c0cec68a4b0830e80a0e19aa3a0e3a934ea4d4daf7280d378e094b3311a747e62e4367b3abe7dc3a5184638ffdd8a49242726aaa7fdf352804bda637ef60
SSDEEP

3072:JRj2d7pRRRMRRRb7HietvTss3XXD8Eq3GBsoeswwA/mdm04yKr7Td6:yp7eHtHEgD8Eq8E3Gm04yG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7eb4b2ff20637235069ef71e625a46665ffd695e35bb6716a0aaf51bd11e4071
- Size
  
  304KB
- MD5
  
  10b9f58bc5186e251dd106b9a967dbf6
- SHA1
  
  c091c0eaccd0a770b8df622cb3faf5b189e5fdcf
- SHA256
  
  7eb4b2ff20637235069ef71e625a46665ffd695e35bb6716a0aaf51bd11e4071
- SHA512
  
  21c9c0cec68a4b0830e80a0e19aa3a0e3a934ea4d4daf7280d378e094b3311a747e62e4367b3abe7dc3a5184638ffdd8a49242726aaa7fdf352804bda637ef60
- SSDEEP
  
  3072:JRj2d7pRRRMRRRb7HietvTss3XXD8Eq3GBsoeswwA/mdm04yKr7Td6:yp7eHtHEgD8Eq8E3Gm04yG
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence