be3c004bb53832972fa9fbef4a77f5a270b5a1da74b0f4598a82d5f1d5962913 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be3c004bb53832972fa9fbef4a77f5a270b5a1da74b0f4598a82d5f1d5962913
Size

404KB
Sample

221206-czyehsca3x
MD5

5e092c515f6f47a16d70407410ab4577
SHA1

5b3b364c29c7a833c9de8bda9cc109a7e14194cc
SHA256

be3c004bb53832972fa9fbef4a77f5a270b5a1da74b0f4598a82d5f1d5962913
SHA512

ae112ce5b34905b538e4753fbfb6b2346c47e3079613c6600591100ae52a0664a952c2a2a96dec32639358b27cb8376ea7f73f5d89cf3d9b495de88686582f73
SSDEEP

6144:sLHMgD1LBUpzEtSLA7I85O2AGwbIPLN9MyKMCjlHzgD:BgvVtSU8cS69My0g

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  be3c004bb53832972fa9fbef4a77f5a270b5a1da74b0f4598a82d5f1d5962913
- Size
  
  404KB
- MD5
  
  5e092c515f6f47a16d70407410ab4577
- SHA1
  
  5b3b364c29c7a833c9de8bda9cc109a7e14194cc
- SHA256
  
  be3c004bb53832972fa9fbef4a77f5a270b5a1da74b0f4598a82d5f1d5962913
- SHA512
  
  ae112ce5b34905b538e4753fbfb6b2346c47e3079613c6600591100ae52a0664a952c2a2a96dec32639358b27cb8376ea7f73f5d89cf3d9b495de88686582f73
- SSDEEP
  
  6144:sLHMgD1LBUpzEtSLA7I85O2AGwbIPLN9MyKMCjlHzgD:BgvVtSU8cS69My0g
Score

9^/10

evasion persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Account Manipulation

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence