ffb63c84db365a0022a2e758855bdf4f0df27815d80923ae929afd0c888fade3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffb63c84db365a0022a2e758855bdf4f0df27815d80923ae929afd0c888fade3
Size

1.1MB
Sample

221206-pm4rzsgh92
MD5

a3c6428224b78bbc4fcdd635bf6e2be2
SHA1

8e6a2b41043696853bc387f5b10961cd7f59fc6e
SHA256

ffb63c84db365a0022a2e758855bdf4f0df27815d80923ae929afd0c888fade3
SHA512

84a4f03348ed6f28d843dde06e7dd2612e5309fff5684e322729588b8757a5d2346fea9f55f04d74b127e896a94270166414b702985920a33de955899a593b7d
SSDEEP

24576:NP1hfFf4mtm4hxrknHg8GdWPc1dpqeuGT+AW/4ZYLd:NPaumitjfWPiL5Td

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ffb63c84db365a0022a2e758855bdf4f0df27815d80923ae929afd0c888fade3
- Size
  
  1.1MB
- MD5
  
  a3c6428224b78bbc4fcdd635bf6e2be2
- SHA1
  
  8e6a2b41043696853bc387f5b10961cd7f59fc6e
- SHA256
  
  ffb63c84db365a0022a2e758855bdf4f0df27815d80923ae929afd0c888fade3
- SHA512
  
  84a4f03348ed6f28d843dde06e7dd2612e5309fff5684e322729588b8757a5d2346fea9f55f04d74b127e896a94270166414b702985920a33de955899a593b7d
- SSDEEP
  
  24576:NP1hfFf4mtm4hxrknHg8GdWPc1dpqeuGT+AW/4ZYLd:NPaumitjfWPiL5Td
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence