b5f58f7b8dff76102d4c5ae99fe3118db19e4b048cb15a3e88d493d2febcdba1 | Triage

Sharing

General

Target

b5f58f7b8dff76102d4c5ae99fe3118db19e4b048cb15a3e88d493d2febcdba1
Size

188KB
Sample

221129-nk91jseb38
MD5

7ca30c9cdca1c6510ca379f6f817c618
SHA1

3eb8e83d5a5d2d1a7315258480d05619fc99e2cf
SHA256

b5f58f7b8dff76102d4c5ae99fe3118db19e4b048cb15a3e88d493d2febcdba1
SHA512

ae4b668c9257b865b9bda7dd72a29b2c91e9a9b99c16e9ac64e4e83d032f5dc0f2453d4bb39a4608f0623c8a9f3f73bf9b72d631132b3270a4a5d9f26318a71d
SSDEEP

3072:FQkhyclbL62utQWu7mwBBvCKGXmvevPXMCWnvyGCIB:FQl/uzCHW63IB

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b5f58f7b8dff76102d4c5ae99fe3118db19e4b048cb15a3e88d493d2febcdba1
- Size
  
  188KB
- MD5
  
  7ca30c9cdca1c6510ca379f6f817c618
- SHA1
  
  3eb8e83d5a5d2d1a7315258480d05619fc99e2cf
- SHA256
  
  b5f58f7b8dff76102d4c5ae99fe3118db19e4b048cb15a3e88d493d2febcdba1
- SHA512
  
  ae4b668c9257b865b9bda7dd72a29b2c91e9a9b99c16e9ac64e4e83d032f5dc0f2453d4bb39a4608f0623c8a9f3f73bf9b72d631132b3270a4a5d9f26318a71d
- SSDEEP
  
  3072:FQkhyclbL62utQWu7mwBBvCKGXmvevPXMCWnvyGCIB:FQl/uzCHW63IB
Score

8^/10

evasion persistence
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Stops running service(s)
  evasion
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence