f267211ac6bbb7063b8e6fb93540735f1a9b7318e903c1728a9b3b445e97587f | Triage

Sharing

General

Target

f267211ac6bbb7063b8e6fb93540735f1a9b7318e903c1728a9b3b445e97587f
Size

142KB
Sample

221203-zff3fsha9v
MD5

4665f65bf96465764225d19edd7b8f04
SHA1

e89033bde6836c32e094b2065d24536ca71a428d
SHA256

f267211ac6bbb7063b8e6fb93540735f1a9b7318e903c1728a9b3b445e97587f
SHA512

fc4179865a7ab76b1a0f0422a33cb6fe13270677cc310541febc27bafc6ebf19d656b29245a0ff069dc21b23b5a593ace15f098fe808c29053ef185c5695d833
SSDEEP

3072:RHvg4wwFNB9yavgYKPzh+OxqsAiNvc3sPqJBvjB/D:RHvpwwFNB9yMgYKbTrAiN2fjB/D

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f267211ac6bbb7063b8e6fb93540735f1a9b7318e903c1728a9b3b445e97587f
- Size
  
  142KB
- MD5
  
  4665f65bf96465764225d19edd7b8f04
- SHA1
  
  e89033bde6836c32e094b2065d24536ca71a428d
- SHA256
  
  f267211ac6bbb7063b8e6fb93540735f1a9b7318e903c1728a9b3b445e97587f
- SHA512
  
  fc4179865a7ab76b1a0f0422a33cb6fe13270677cc310541febc27bafc6ebf19d656b29245a0ff069dc21b23b5a593ace15f098fe808c29053ef185c5695d833
- SSDEEP
  
  3072:RHvg4wwFNB9yavgYKPzh+OxqsAiNvc3sPqJBvjB/D:RHvpwwFNB9yMgYKbTrAiN2fjB/D
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence