09fd13bee5d66d0d680349b861f28c6b3f3fae59c355820b6042154ae429d4f1 | Triage

Sharing

General

Target

KMSAuto Net.exe
Size

6.6MB
Sample

230201-1g6vyace29
MD5

4fd1df675fb17d1857fe5bb15125b86a
SHA1

00e7ac60500d114ef4e9d2c17caee033a883c95d
SHA256

09fd13bee5d66d0d680349b861f28c6b3f3fae59c355820b6042154ae429d4f1
SHA512

d5ddd749003d5569a3e832d7758d96f6631377c5225e2b22b23017ea9d8858895d7b63d7e61d6588c93397080c05be23db69fb9efcb9484b675e1c0d507cad58
SSDEEP

196608:ViywBGqyw1lT3ywuywQyw1ywlywaywTyw9lywfywEyw1ywHywwywmIBywyywNywl:BwBGnw1l+wjwNw4wIw3w2w9IwqwJw4wJ

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  KMSAuto Net.exe
- Size
  
  6.6MB
- MD5
  
  4fd1df675fb17d1857fe5bb15125b86a
- SHA1
  
  00e7ac60500d114ef4e9d2c17caee033a883c95d
- SHA256
  
  09fd13bee5d66d0d680349b861f28c6b3f3fae59c355820b6042154ae429d4f1
- SHA512
  
  d5ddd749003d5569a3e832d7758d96f6631377c5225e2b22b23017ea9d8858895d7b63d7e61d6588c93397080c05be23db69fb9efcb9484b675e1c0d507cad58
- SSDEEP
  
  196608:ViywBGqyw1lT3ywuywQyw1ywlywaywTyw9lywfywEyw1ywHywwywmIBywyywNywl:BwBGnw1l+wjwNw4wIw3w2w9IwqwJw4wJ
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence