29adcac46b082afd5ffbadf8fa0704ec3f87054f67355796948c7c0810965e47 | Triage

Sharing

General

Target

29adcac46b082afd5ffbadf8fa0704ec3f87054f67355796948c7c0810965e47
Size

507KB
Sample

221201-hlr88sha7v
MD5

3764e665a39bbabd40c7b9cb76866210
SHA1

edcae183df3ea7c756ec2128aa276b63310d361f
SHA256

29adcac46b082afd5ffbadf8fa0704ec3f87054f67355796948c7c0810965e47
SHA512

1f50e4c8e8189512862e2ce2d5f6c6f444a768260bea72fb753d05d04a749c87d777d583d6a7c0339d0194b4fd1f64486477e4c95e347cb5faafade2c16cf3bd
SSDEEP

12288:ofTI1SQrLRQ8Hs2UyZWgdRkdMczFxhtfnygx7j1FLhfX:oLEHRht9RkdMc5Dtfnygx7ZX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  29adcac46b082afd5ffbadf8fa0704ec3f87054f67355796948c7c0810965e47
- Size
  
  507KB
- MD5
  
  3764e665a39bbabd40c7b9cb76866210
- SHA1
  
  edcae183df3ea7c756ec2128aa276b63310d361f
- SHA256
  
  29adcac46b082afd5ffbadf8fa0704ec3f87054f67355796948c7c0810965e47
- SHA512
  
  1f50e4c8e8189512862e2ce2d5f6c6f444a768260bea72fb753d05d04a749c87d777d583d6a7c0339d0194b4fd1f64486477e4c95e347cb5faafade2c16cf3bd
- SSDEEP
  
  12288:ofTI1SQrLRQ8Hs2UyZWgdRkdMczFxhtfnygx7j1FLhfX:oLEHRht9RkdMc5Dtfnygx7ZX
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence