b8aec57f7e9c193fcd9796cf22997605624b8b5f9bf5f0c6190e1090d426ee31 | Triage

Sharing

General

Target

KMSAuto Net.exe
Size

8.4MB
Sample

221229-sh6ybsge7x
MD5

2fb86be791b4bb4389e55df0fec04eb7
SHA1

375dc8189059602f9eb571b473d723fad3ad3d8c
SHA256

b8aec57f7e9c193fcd9796cf22997605624b8b5f9bf5f0c6190e1090d426ee31
SHA512

3230ab05eb876879aefc5e15bb726292640c1ddf476e4108f5c8eed2f373cb852964163ccb006e3d22bc1dc2f97ac2db391af9b289f21a7b099df4c4dd94ee38
SSDEEP

196608:wokKDywCAfywOweBzcyw3ywsywDywPbywgsywZywRywxywBywEyw4ywwywmIBywI:FywCAqwUBzBwiwxwGwPewgxwUwswMw84

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  KMSAuto Net.exe
- Size
  
  8.4MB
- MD5
  
  2fb86be791b4bb4389e55df0fec04eb7
- SHA1
  
  375dc8189059602f9eb571b473d723fad3ad3d8c
- SHA256
  
  b8aec57f7e9c193fcd9796cf22997605624b8b5f9bf5f0c6190e1090d426ee31
- SHA512
  
  3230ab05eb876879aefc5e15bb726292640c1ddf476e4108f5c8eed2f373cb852964163ccb006e3d22bc1dc2f97ac2db391af9b289f21a7b099df4c4dd94ee38
- SSDEEP
  
  196608:wokKDywCAfywOweBzcyw3ywsywDywPbywgsywZywRywxywBywEyw4ywwywmIBywI:FywCAqwUBzBwiwxwGwPewgxwUwswMw84
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence