85239ae363ce6192e6fea55d41f894f5b21940b467e1cd5fae3cf03221a4f13d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85239ae363ce6192e6fea55d41f894f5b21940b467e1cd5fae3cf03221a4f13d
Size

538KB
Sample

221201-cphajseg57
MD5

6c81233e750908cdbb9c1cd2cf2f356f
SHA1

84cc542e88f50f4b7f2a344caee5ccc55277de3e
SHA256

85239ae363ce6192e6fea55d41f894f5b21940b467e1cd5fae3cf03221a4f13d
SHA512

836bc1aa0712950f625120a2992f75c92702b7caff144eca95970c9e30456fc11292b76715dc554c8c07023570f2da7baf5fc302152e7fd9afc2e68580ada764
SSDEEP

6144:h04aIWPchrTVwmUQLn/L0cXiXnKU+T2Mn6ZfcP8Y+zczo2dtfUAKsbtQmXdcmsXb:Gc1TVnUO0JC6VzKo2dtrKm+xuuQcsDi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  85239ae363ce6192e6fea55d41f894f5b21940b467e1cd5fae3cf03221a4f13d
- Size
  
  538KB
- MD5
  
  6c81233e750908cdbb9c1cd2cf2f356f
- SHA1
  
  84cc542e88f50f4b7f2a344caee5ccc55277de3e
- SHA256
  
  85239ae363ce6192e6fea55d41f894f5b21940b467e1cd5fae3cf03221a4f13d
- SHA512
  
  836bc1aa0712950f625120a2992f75c92702b7caff144eca95970c9e30456fc11292b76715dc554c8c07023570f2da7baf5fc302152e7fd9afc2e68580ada764
- SSDEEP
  
  6144:h04aIWPchrTVwmUQLn/L0cXiXnKU+T2Mn6ZfcP8Y+zczo2dtfUAKsbtQmXdcmsXb:Gc1TVnUO0JC6VzKo2dtrKm+xuuQcsDi
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence