31fa8967a1daf46f9a63f6236aae0b5aca847a5738f4adf74e6a70542d2642b3 | Triage

Sharing

General

Target

31fa8967a1daf46f9a63f6236aae0b5aca847a5738f4adf74e6a70542d2642b3
Size

505KB
Sample

221206-1tam9sah2w
MD5

4d29c344dad1402d73c8fb892e8d5273
SHA1

c84b28dd9f7de1d7d095339ea2f6d3b16345afe8
SHA256

31fa8967a1daf46f9a63f6236aae0b5aca847a5738f4adf74e6a70542d2642b3
SHA512

18d7f92256a527d8caac2a03d06dc1cb20974d25ca56aa92225e386d1be2acb97777e5f162dfe1287c444b4a82389d18ce1bcfedc4c6c16e96d2214d036eaba6
SSDEEP

6144:2wBHhWBLXgF+NnSqHrp4wTNGuw7Rytx98J+p0Mu0FZMxiftlxRmB7wZ5:2eHktX2pqOwWoiAr9dRmhw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  31fa8967a1daf46f9a63f6236aae0b5aca847a5738f4adf74e6a70542d2642b3
- Size
  
  505KB
- MD5
  
  4d29c344dad1402d73c8fb892e8d5273
- SHA1
  
  c84b28dd9f7de1d7d095339ea2f6d3b16345afe8
- SHA256
  
  31fa8967a1daf46f9a63f6236aae0b5aca847a5738f4adf74e6a70542d2642b3
- SHA512
  
  18d7f92256a527d8caac2a03d06dc1cb20974d25ca56aa92225e386d1be2acb97777e5f162dfe1287c444b4a82389d18ce1bcfedc4c6c16e96d2214d036eaba6
- SSDEEP
  
  6144:2wBHhWBLXgF+NnSqHrp4wTNGuw7Rytx98J+p0Mu0FZMxiftlxRmB7wZ5:2eHktX2pqOwWoiAr9dRmhw
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence