2e2258c8340c6322ca047672be4f7d0a3d44a5e0ce44bfee5edfed21a6327b03 | Triage

Resubmissions

10/01/2023, 11:11

230110-nab1rsbe5z 10

10/01/2023, 10:58

230110-m27fbafg47 10

Sharing

General

Target

Krnl.zip
Size

1.6MB
Sample

230110-nab1rsbe5z
MD5

473146bc4bba515b67656b61ba199323
SHA1

3b4e7a4910f90e62e6f30b561b617afc367ada0e
SHA256

2e2258c8340c6322ca047672be4f7d0a3d44a5e0ce44bfee5edfed21a6327b03
SHA512

289bb27952d020ac95a832f6c67840489d0ec464b39c48b70f063f3d3bf210f21be72cfb4af2c045197125b8d137362dc5c608f2a6d032fc3fb39bec2bdebcdb
SSDEEP

49152:jrwX025w3oWYd4cKWq485httLkUFeMadMSl5XCW7/aF:jkXhWXWq485XtnFeMaMSlcWjI

Score

10^/10

Malware Config

Targets

- Target
  
  Krnl/Krnl_Bootstrapper.exe
- Size
  
  1.8MB
- MD5
  
  7cf5b81c02503abd48c16121df1e4d60
- SHA1
  
  435383dd1baa4a01393ed8df38d708d4f88bd91a
- SHA256
  
  ffa4485b730b662d6c9e65a4e6b8687c3037838f582839821eefae481c327baf
- SHA512
  
  eb241afb553344921f15b227849b02c7f41615bd44af593c995a7df92a9e5b532819b8061f6ed361371822974cef792b7adadc8a53070333aef96e60958702ac
- SSDEEP
  
  49152:QQIu25g3oeEZM4kWEO8zhLtrMYTeyazTxLWnCzHf5Hp:QpebWEO8zJtlTeyOTI
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2