f209bbcb8c2faba3b74b4dbd283bff6cf430e91e52f143b153e873ac9a6270c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f209bbcb8c2faba3b74b4dbd283bff6cf430e91e52f143b153e873ac9a6270c2
Size

756KB
Sample

221204-cyxrlahf27
MD5

2d9d9bc9e00de9a39a3c0d22cd43ed7c
SHA1

9172eb8ffd095a660effa03ab5a79cd3d8569895
SHA256

f209bbcb8c2faba3b74b4dbd283bff6cf430e91e52f143b153e873ac9a6270c2
SHA512

e72c1d2e5c6dce579f155587649d92b15ed259e61cfd8c633e9adba58044c5d3965e21a1c2f1ed18f71bd268b675baea610a6c86fa42d0a2b62d8f35adf9b990
SSDEEP

12288:VzzGJYGNTRhdsPLpdbasSeeeuXxcUQedTCtUSte8cFLbmsQkv4ExPkffznPeVie:VzzGHRhdsPLpdba84xcaShIOA4ExPuzO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f209bbcb8c2faba3b74b4dbd283bff6cf430e91e52f143b153e873ac9a6270c2
- Size
  
  756KB
- MD5
  
  2d9d9bc9e00de9a39a3c0d22cd43ed7c
- SHA1
  
  9172eb8ffd095a660effa03ab5a79cd3d8569895
- SHA256
  
  f209bbcb8c2faba3b74b4dbd283bff6cf430e91e52f143b153e873ac9a6270c2
- SHA512
  
  e72c1d2e5c6dce579f155587649d92b15ed259e61cfd8c633e9adba58044c5d3965e21a1c2f1ed18f71bd268b675baea610a6c86fa42d0a2b62d8f35adf9b990
- SSDEEP
  
  12288:VzzGJYGNTRhdsPLpdbasSeeeuXxcUQedTCtUSte8cFLbmsQkv4ExPkffznPeVie:VzzGHRhdsPLpdba84xcaShIOA4ExPuzO
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence