fbfd3c8ce00170e1ee29922c5563a7fa64e65bbd1431a48cbc1f0a7fa5fa57c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbfd3c8ce00170e1ee29922c5563a7fa64e65bbd1431a48cbc1f0a7fa5fa57c1
Size

120KB
Sample

221204-j59hasfb9y
MD5

8322cc372aaa560cc766c43721158a8a
SHA1

571e7ab67b634137d9720471042115e2b86acb3a
SHA256

fbfd3c8ce00170e1ee29922c5563a7fa64e65bbd1431a48cbc1f0a7fa5fa57c1
SHA512

20850c5724c073f3680c9191d1b35623848a20404f10068aa5184b5ceb987adcd0a0e57211028740d48b3f139273871854def5dc8b47fec77709e2d83092b8a8
SSDEEP

1536:Z6CcQOLfUdmRoBDVYV9iMdFqB3yA+5YeEsaKNeIVZ+nfjXBxq65PgW5nYnt47b:ZTfrioMaBSYeeKcIVMnrRk61dY+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fbfd3c8ce00170e1ee29922c5563a7fa64e65bbd1431a48cbc1f0a7fa5fa57c1
- Size
  
  120KB
- MD5
  
  8322cc372aaa560cc766c43721158a8a
- SHA1
  
  571e7ab67b634137d9720471042115e2b86acb3a
- SHA256
  
  fbfd3c8ce00170e1ee29922c5563a7fa64e65bbd1431a48cbc1f0a7fa5fa57c1
- SHA512
  
  20850c5724c073f3680c9191d1b35623848a20404f10068aa5184b5ceb987adcd0a0e57211028740d48b3f139273871854def5dc8b47fec77709e2d83092b8a8
- SSDEEP
  
  1536:Z6CcQOLfUdmRoBDVYV9iMdFqB3yA+5YeEsaKNeIVZ+nfjXBxq65PgW5nYnt47b:ZTfrioMaBSYeeKcIVMnrRk61dY+
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence