ace5375c3af06262bad57cb5060ca7cd30a24f586e4a4e86129f32f6d10708df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ace5375c3af06262bad57cb5060ca7cd30a24f586e4a4e86129f32f6d10708df
Size

1024KB
Sample

221201-yb7tyagh6y
MD5

42bb29ede66f4db50a75c1a507658aca
SHA1

c048235714e7856645e352d5e0901f4cca181276
SHA256

ace5375c3af06262bad57cb5060ca7cd30a24f586e4a4e86129f32f6d10708df
SHA512

46bf5b4fa80cab81e31c952afdca731f81e838cc421fac89cb39f27d3d73b249dd71b6a05b1f760b9733733b7699879504f05f5638d28c3ba7ff4b8959809360
SSDEEP

6144:CAkyLqS1lXT/tPnXGS9COsvX6/a5o2BAHFEWP0DiSqVLTAJ97Jhn6V70ttJ:xvTll9DG6/aBGECIiLLTf70t

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ace5375c3af06262bad57cb5060ca7cd30a24f586e4a4e86129f32f6d10708df
- Size
  
  1024KB
- MD5
  
  42bb29ede66f4db50a75c1a507658aca
- SHA1
  
  c048235714e7856645e352d5e0901f4cca181276
- SHA256
  
  ace5375c3af06262bad57cb5060ca7cd30a24f586e4a4e86129f32f6d10708df
- SHA512
  
  46bf5b4fa80cab81e31c952afdca731f81e838cc421fac89cb39f27d3d73b249dd71b6a05b1f760b9733733b7699879504f05f5638d28c3ba7ff4b8959809360
- SSDEEP
  
  6144:CAkyLqS1lXT/tPnXGS9COsvX6/a5o2BAHFEWP0DiSqVLTAJ97Jhn6V70ttJ:xvTll9DG6/aBGECIiLLTf70t
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2