fb909600aaa17c090aceac895aaf5d869634bfca3a9fad3bb27dbac262ea6850 | Triage

Sharing

General

Target

fb909600aaa17c090aceac895aaf5d869634bfca3a9fad3bb27dbac262ea6850
Size

114KB
Sample

221204-dnt4dsbf26
MD5

26e00622f6f950f563719001df0ab540
SHA1

70e4004ec7c4e3c27963fae19e9c05f7f31b5ca0
SHA256

fb909600aaa17c090aceac895aaf5d869634bfca3a9fad3bb27dbac262ea6850
SHA512

35b510892921787b4158508ebd3e7699abfaf53f426721da75e061f40420caa48b2b47c4a726952f987cc8b64511b787f430a8f02bfbc3fbf481345b436d0a86
SSDEEP

3072:PiHxG9wj0oKkrk45pks9sFSLrDtt7CfijF9/8VlE:KRG9CikV5pJvLd90Vu

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fb909600aaa17c090aceac895aaf5d869634bfca3a9fad3bb27dbac262ea6850
- Size
  
  114KB
- MD5
  
  26e00622f6f950f563719001df0ab540
- SHA1
  
  70e4004ec7c4e3c27963fae19e9c05f7f31b5ca0
- SHA256
  
  fb909600aaa17c090aceac895aaf5d869634bfca3a9fad3bb27dbac262ea6850
- SHA512
  
  35b510892921787b4158508ebd3e7699abfaf53f426721da75e061f40420caa48b2b47c4a726952f987cc8b64511b787f430a8f02bfbc3fbf481345b436d0a86
- SSDEEP
  
  3072:PiHxG9wj0oKkrk45pks9sFSLrDtt7CfijF9/8VlE:KRG9CikV5pJvLd90Vu
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence