de79ea0ea7d4c1cbe8d5d64f27928b5dca37647f16fe1c8cfd71bc592198f3a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de79ea0ea7d4c1cbe8d5d64f27928b5dca37647f16fe1c8cfd71bc592198f3a6
Size

341KB
Sample

221202-zywkvshd8v
MD5

9f80e4268b2763827c8069117824768c
SHA1

d14ebadcae38803b91171f71912a0ed0a6eecf13
SHA256

de79ea0ea7d4c1cbe8d5d64f27928b5dca37647f16fe1c8cfd71bc592198f3a6
SHA512

e5b1a5e07a15e774d4df76ff3eea5d9327b8db2cd91a19a03d39c7b0d55837859d057b249f92c1bea8546c39e66f8c50fc8882c898bc5e4b7f9177f4494ff57f
SSDEEP

6144:QPhumlSEGGpP2KevaUGBeX40xFtf3Wd/6nnsC8Ytzo6S8yuxwL+qdg8K0JOe9FIZ:YTS+2Kd3ByxFtf3mcxrtzot8yuSgTe4Z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  de79ea0ea7d4c1cbe8d5d64f27928b5dca37647f16fe1c8cfd71bc592198f3a6
- Size
  
  341KB
- MD5
  
  9f80e4268b2763827c8069117824768c
- SHA1
  
  d14ebadcae38803b91171f71912a0ed0a6eecf13
- SHA256
  
  de79ea0ea7d4c1cbe8d5d64f27928b5dca37647f16fe1c8cfd71bc592198f3a6
- SHA512
  
  e5b1a5e07a15e774d4df76ff3eea5d9327b8db2cd91a19a03d39c7b0d55837859d057b249f92c1bea8546c39e66f8c50fc8882c898bc5e4b7f9177f4494ff57f
- SSDEEP
  
  6144:QPhumlSEGGpP2KevaUGBeX40xFtf3Wd/6nnsC8Ytzo6S8yuxwL+qdg8K0JOe9FIZ:YTS+2Kd3ByxFtf3mcxrtzot8yuSgTe4Z
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence