Overview

overview

10

Static

static

bad9bdd067...9a.exe

windows7-x64

10

bad9bdd067...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bad9bdd067d4e85102f8e5847ceb2c19b4f125f8a4275f50e87843e57acbb79a

  • Size

    456KB

  • Sample

    221130-mfkpesbg69

  • MD5

    4fc7cfcf26bf53febaae57fe95178e65

  • SHA1

    755aa4d0c4b0425fa8808762145ee20f85ba0780

  • SHA256

    bad9bdd067d4e85102f8e5847ceb2c19b4f125f8a4275f50e87843e57acbb79a

  • SHA512

    014567222cb8feaef912ffc6d0735318e07cc0aab07e43475d408a592eee1543acc21f07a33990aec278799a712d4701524054838c966718f1f86a1e606c67e9

  • SSDEEP

    12288:JNiCRLgcxtfk5ABBEVCn3kbXwAbNyMorVy7D:yCRBEVC3kbXBKrc

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      bad9bdd067d4e85102f8e5847ceb2c19b4f125f8a4275f50e87843e57acbb79a

    • Size

      456KB

    • MD5

      4fc7cfcf26bf53febaae57fe95178e65

    • SHA1

      755aa4d0c4b0425fa8808762145ee20f85ba0780

    • SHA256

      bad9bdd067d4e85102f8e5847ceb2c19b4f125f8a4275f50e87843e57acbb79a

    • SHA512

      014567222cb8feaef912ffc6d0735318e07cc0aab07e43475d408a592eee1543acc21f07a33990aec278799a712d4701524054838c966718f1f86a1e606c67e9

    • SSDEEP

      12288:JNiCRLgcxtfk5ABBEVCn3kbXwAbNyMorVy7D:yCRBEVC3kbXBKrc

    Score
    10/10
    evasionpersistence

    • Modifies firewall policy service

      evasion

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks