d233bad17b56d3d38ba5e1f3f3f8ca60180a3c6978c329a539ccdd3dfcaf77b6 | Triage

Sharing

General

Target

d233bad17b56d3d38ba5e1f3f3f8ca60180a3c6978c329a539ccdd3dfcaf77b6
Size

168KB
Sample

221203-pn834adg4w
MD5

daa97f9ceaf67fe0208ca726378b96e9
SHA1

752d46fd2c865ef06bc4d3f352f3064fdd80f51b
SHA256

d233bad17b56d3d38ba5e1f3f3f8ca60180a3c6978c329a539ccdd3dfcaf77b6
SHA512

490406aa70797aaf5c7b736de5b0a58e467b5a8997418571b7d6fa29a587ab8e0e9710d1a71f2e973700619cf5f2170f0804232e167064e8bf2091ccee87009b
SSDEEP

3072:/KUSBPD4qJiktryvtWrdVDXBx+vfWZ3cW/ozyLXQqoCr+tHF6ZfPFYBekSNuo6ar:/pSBPDvJiay1G/DXfMOZM0tLXQqvr+tx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d233bad17b56d3d38ba5e1f3f3f8ca60180a3c6978c329a539ccdd3dfcaf77b6
- Size
  
  168KB
- MD5
  
  daa97f9ceaf67fe0208ca726378b96e9
- SHA1
  
  752d46fd2c865ef06bc4d3f352f3064fdd80f51b
- SHA256
  
  d233bad17b56d3d38ba5e1f3f3f8ca60180a3c6978c329a539ccdd3dfcaf77b6
- SHA512
  
  490406aa70797aaf5c7b736de5b0a58e467b5a8997418571b7d6fa29a587ab8e0e9710d1a71f2e973700619cf5f2170f0804232e167064e8bf2091ccee87009b
- SSDEEP
  
  3072:/KUSBPD4qJiktryvtWrdVDXBx+vfWZ3cW/ozyLXQqoCr+tHF6ZfPFYBekSNuo6ar:/pSBPDvJiay1G/DXfMOZM0tLXQqvr+tx
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2