82c6298b6554989dd81251aedf22ab50022215255542a783e73c7bd81e9c16e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82c6298b6554989dd81251aedf22ab50022215255542a783e73c7bd81e9c16e3
Size

156KB
Sample

221205-gal3eaef2x
MD5

f42aea23b5070990a696dc3d3664a262
SHA1

4057b4f31a7e5425e5256fd817577861a28ba0da
SHA256

82c6298b6554989dd81251aedf22ab50022215255542a783e73c7bd81e9c16e3
SHA512

a0d7df85850efb7ed8f7d3f4ead1612a90e97316f80461196c63dd07bb6f0eb87199922b1b15559efaa37476421de4d9b1a70ef949d10134545603222725943d
SSDEEP

3072:NG+/Ql/CQUZSRgpimDYCMa+iLtbsRSRUK+13ScFoEJW528aZHQj:N5c/CQ5VmDvMcFdRmI4wWt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  82c6298b6554989dd81251aedf22ab50022215255542a783e73c7bd81e9c16e3
- Size
  
  156KB
- MD5
  
  f42aea23b5070990a696dc3d3664a262
- SHA1
  
  4057b4f31a7e5425e5256fd817577861a28ba0da
- SHA256
  
  82c6298b6554989dd81251aedf22ab50022215255542a783e73c7bd81e9c16e3
- SHA512
  
  a0d7df85850efb7ed8f7d3f4ead1612a90e97316f80461196c63dd07bb6f0eb87199922b1b15559efaa37476421de4d9b1a70ef949d10134545603222725943d
- SSDEEP
  
  3072:NG+/Ql/CQUZSRgpimDYCMa+iLtbsRSRUK+13ScFoEJW528aZHQj:N5c/CQ5VmDvMcFdRmI4wWt
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2