c08e739264052466cf4ab1e22b891ba551f6f0f1abe62503687721ff8e1345fa | Triage

Sharing

General

Target

c08e739264052466cf4ab1e22b891ba551f6f0f1abe62503687721ff8e1345fa
Size

606KB
Sample

221128-gghzbsac67
MD5

5109fd9935de26b52fc6bdc2b96c4ff2
SHA1

963fb4f803b4875cfca0054c5076c178d8d28fe5
SHA256

c08e739264052466cf4ab1e22b891ba551f6f0f1abe62503687721ff8e1345fa
SHA512

c686a7805ad15d6e58e2dcd83d4ef52e07447ef11a09d624b256400bd28718d2958e3f8e5b9c20fde1094631a862a8f56c6bd78b9864a7df6ae0df47a7049307
SSDEEP

12288:9VBNNiiaGdz+35g6OvGC2WhZEHwq1iKSdAQU46OXKC7y:1u5GAG6/C2s+Q6Qv6Nj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c08e739264052466cf4ab1e22b891ba551f6f0f1abe62503687721ff8e1345fa
- Size
  
  606KB
- MD5
  
  5109fd9935de26b52fc6bdc2b96c4ff2
- SHA1
  
  963fb4f803b4875cfca0054c5076c178d8d28fe5
- SHA256
  
  c08e739264052466cf4ab1e22b891ba551f6f0f1abe62503687721ff8e1345fa
- SHA512
  
  c686a7805ad15d6e58e2dcd83d4ef52e07447ef11a09d624b256400bd28718d2958e3f8e5b9c20fde1094631a862a8f56c6bd78b9864a7df6ae0df47a7049307
- SSDEEP
  
  12288:9VBNNiiaGdz+35g6OvGC2WhZEHwq1iKSdAQU46OXKC7y:1u5GAG6/C2s+Q6Qv6Nj
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence