5b973e6504e88c174a4c683b8d83a9221b063fa1fb794e2750cd36ebcba2378c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b973e6504e88c174a4c683b8d83a9221b063fa1fb794e2750cd36ebcba2378c
Size

177KB
Sample

221201-kxtmjsgb4z
MD5

1d82234b88aa0cda3695f36b943eb647
SHA1

781b532c97ac7e90555cb272d3eae9f914fc9613
SHA256

5b973e6504e88c174a4c683b8d83a9221b063fa1fb794e2750cd36ebcba2378c
SHA512

7d80956f0f8a0dc06948142bc1c37d43ff5d1d2446475ce07246545f2f4b2887af3785bb59fb81a323f048c84a87368646782a307c70be0dd8ecd0a80bb64c40
SSDEEP

3072:38Z/G4MhpabhLlDvVC5j6O7M0leLzt6aulE6DMyfIp1N/mbtZnyhIF+JZ:38Z/G4MhovVC5mO7flEzhAvMygp1lmH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5b973e6504e88c174a4c683b8d83a9221b063fa1fb794e2750cd36ebcba2378c
- Size
  
  177KB
- MD5
  
  1d82234b88aa0cda3695f36b943eb647
- SHA1
  
  781b532c97ac7e90555cb272d3eae9f914fc9613
- SHA256
  
  5b973e6504e88c174a4c683b8d83a9221b063fa1fb794e2750cd36ebcba2378c
- SHA512
  
  7d80956f0f8a0dc06948142bc1c37d43ff5d1d2446475ce07246545f2f4b2887af3785bb59fb81a323f048c84a87368646782a307c70be0dd8ecd0a80bb64c40
- SSDEEP
  
  3072:38Z/G4MhpabhLlDvVC5j6O7M0leLzt6aulE6DMyfIp1N/mbtZnyhIF+JZ:38Z/G4MhovVC5mO7flEzhAvMygp1lmH
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2