9ff14c5f0e47b81cc7055462e550865fe3e03fc5b065fe8eabbf8a53f7f29b0d | Triage

Sharing

General

Target

9ff14c5f0e47b81cc7055462e550865fe3e03fc5b065fe8eabbf8a53f7f29b0d
Size

272KB
Sample

221205-ms1w6sfe4x
MD5

a8cfb5158b1d5b316c87a06952b91a6d
SHA1

da3379d5fde4b779a12821432acf20d2b2dc6915
SHA256

9ff14c5f0e47b81cc7055462e550865fe3e03fc5b065fe8eabbf8a53f7f29b0d
SHA512

5d548e48f99c1e24ecbc24b13ef49912fa25b634a466c24ec4daf08796b05b2cfc5b9749cb23eb4f2c2b3a258c3fce9860d1aee99df9ea6b3ee877147e8856e3
SSDEEP

768:LBVqODfudWtyxxFFqgy/MXdXtxMdbuBesorniC+GmLS61VB9bpDRi:LBLGFoyxMIBCriL+63VRi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9ff14c5f0e47b81cc7055462e550865fe3e03fc5b065fe8eabbf8a53f7f29b0d
- Size
  
  272KB
- MD5
  
  a8cfb5158b1d5b316c87a06952b91a6d
- SHA1
  
  da3379d5fde4b779a12821432acf20d2b2dc6915
- SHA256
  
  9ff14c5f0e47b81cc7055462e550865fe3e03fc5b065fe8eabbf8a53f7f29b0d
- SHA512
  
  5d548e48f99c1e24ecbc24b13ef49912fa25b634a466c24ec4daf08796b05b2cfc5b9749cb23eb4f2c2b3a258c3fce9860d1aee99df9ea6b3ee877147e8856e3
- SSDEEP
  
  768:LBVqODfudWtyxxFFqgy/MXdXtxMdbuBesorniC+GmLS61VB9bpDRi:LBLGFoyxMIBCriL+63VRi
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence