8d43297cc8b03e591916b983607aff97755b162b395c05a0801c6944c823450f | Triage

Sharing

General

Target

8d43297cc8b03e591916b983607aff97755b162b395c05a0801c6944c823450f
Size

509KB
Sample

221129-tykwgaeg25
MD5

0711f47aa102ddbb50227df5ba7ce34a
SHA1

7d1212ea2c5d464675520486890374c513b66840
SHA256

8d43297cc8b03e591916b983607aff97755b162b395c05a0801c6944c823450f
SHA512

7d5bf520a4db23d09502c28ca2e256478f19f445db62d715e8fb5833167cfc7a193c9eee4ec919a493ad2e90734f421ab190df4fdb297ccc45fe924020ac46c8
SSDEEP

12288:DsvG73RqznHTlJd3r4Q2Q37oni85maU46rrZwj:sKgRz3r4rni8Xka

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8d43297cc8b03e591916b983607aff97755b162b395c05a0801c6944c823450f
- Size
  
  509KB
- MD5
  
  0711f47aa102ddbb50227df5ba7ce34a
- SHA1
  
  7d1212ea2c5d464675520486890374c513b66840
- SHA256
  
  8d43297cc8b03e591916b983607aff97755b162b395c05a0801c6944c823450f
- SHA512
  
  7d5bf520a4db23d09502c28ca2e256478f19f445db62d715e8fb5833167cfc7a193c9eee4ec919a493ad2e90734f421ab190df4fdb297ccc45fe924020ac46c8
- SSDEEP
  
  12288:DsvG73RqznHTlJd3r4Q2Q37oni85maU46rrZwj:sKgRz3r4rni8Xka
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence