b92a73dafe4847c635d031f9a0a4963d32336f65e179a49050c2bf8dc97d800d | Triage

Sharing

General

Target

b92a73dafe4847c635d031f9a0a4963d32336f65e179a49050c2bf8dc97d800d
Size

140KB
Sample

221129-qb9drsec6x
MD5

ba8db3db1620653c676f80e8f79bff06
SHA1

43fdead135ad02559ee63904fb144f38ce48171b
SHA256

b92a73dafe4847c635d031f9a0a4963d32336f65e179a49050c2bf8dc97d800d
SHA512

113077f5941ed690df17697f5570075563f12d1e880c8013c586d5db428bd4a863bfaddd6dc7f2c1de99a2ceb78cc35b831d671f409ae8fb2974357391080423
SSDEEP

3072:jlIgGTD+E3ZwOx1yh9SdADxL0yYSsU4JKTBfjlyg//c:jlITTDXNyhDayYSsWTB7lyg//

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b92a73dafe4847c635d031f9a0a4963d32336f65e179a49050c2bf8dc97d800d
- Size
  
  140KB
- MD5
  
  ba8db3db1620653c676f80e8f79bff06
- SHA1
  
  43fdead135ad02559ee63904fb144f38ce48171b
- SHA256
  
  b92a73dafe4847c635d031f9a0a4963d32336f65e179a49050c2bf8dc97d800d
- SHA512
  
  113077f5941ed690df17697f5570075563f12d1e880c8013c586d5db428bd4a863bfaddd6dc7f2c1de99a2ceb78cc35b831d671f409ae8fb2974357391080423
- SSDEEP
  
  3072:jlIgGTD+E3ZwOx1yh9SdADxL0yYSsU4JKTBfjlyg//c:jlITTDXNyhDayYSsWTB7lyg//
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence