6f3ee1accd5eaff01776a95e812b531510f52fa5facfc89bd7b295577921dcb1 | Triage

Sharing

General

Target

6f3ee1accd5eaff01776a95e812b531510f52fa5facfc89bd7b295577921dcb1
Size

1.1MB
Sample

221206-sgn15acb91
MD5

4aaba39ea7385b77d10258502e99a6c4
SHA1

26e1f02da82c82ac33ef4fc4c804c45d0c32ab55
SHA256

6f3ee1accd5eaff01776a95e812b531510f52fa5facfc89bd7b295577921dcb1
SHA512

ae311678a0db228728114b7cd7fad4372e701dd759a2f3e0c33b095583da616bd4748513113c137b5c99e0287669a9f6d4bdb6d3e9a0a5d0a96059bde96ed86a
SSDEEP

24576:zAHGv5Slb/otvtOQDNMpunxB+dU8RXti/2Lni3YCvBIGDmUnkbWVtZ:zAmhSlEfOQpMgxBGVRXtiqgT+O3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6f3ee1accd5eaff01776a95e812b531510f52fa5facfc89bd7b295577921dcb1
- Size
  
  1.1MB
- MD5
  
  4aaba39ea7385b77d10258502e99a6c4
- SHA1
  
  26e1f02da82c82ac33ef4fc4c804c45d0c32ab55
- SHA256
  
  6f3ee1accd5eaff01776a95e812b531510f52fa5facfc89bd7b295577921dcb1
- SHA512
  
  ae311678a0db228728114b7cd7fad4372e701dd759a2f3e0c33b095583da616bd4748513113c137b5c99e0287669a9f6d4bdb6d3e9a0a5d0a96059bde96ed86a
- SSDEEP
  
  24576:zAHGv5Slb/otvtOQDNMpunxB+dU8RXti/2Lni3YCvBIGDmUnkbWVtZ:zAmhSlEfOQpMgxBGVRXtiqgT+O3
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence