18f7423d283aa1aa5c2c54b823f99f75fc8d4decaed513db91c1be02ab98fb3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KMS_VL_ALL_AIO.cmd
Size

300KB
Sample

230212-asxtasgc65
MD5

c8642fd825543b510b0a5fa118cc5b80
SHA1

5f80cdf39a0ee22321a73544a4939faddedd575b
SHA256

18f7423d283aa1aa5c2c54b823f99f75fc8d4decaed513db91c1be02ab98fb3d
SHA512

7df23e2afa00ae4dd913dd2d8e84a603e30cdccfedd85cd108da674e13b1aefc3b082b3cac95f457a11125c4bb6a11d46a24f2bc933797952dd0c0a1e6e7a363
SSDEEP

6144:WiJNJzLuupIW1GnFS0xmfKD5pw9rIjEUqbj8HmAkNp/4:5JNJzVpIRxmyD5pmUjE/j8GAk7/4

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  KMS_VL_ALL_AIO.cmd
- Size
  
  300KB
- MD5
  
  c8642fd825543b510b0a5fa118cc5b80
- SHA1
  
  5f80cdf39a0ee22321a73544a4939faddedd575b
- SHA256
  
  18f7423d283aa1aa5c2c54b823f99f75fc8d4decaed513db91c1be02ab98fb3d
- SHA512
  
  7df23e2afa00ae4dd913dd2d8e84a603e30cdccfedd85cd108da674e13b1aefc3b082b3cac95f457a11125c4bb6a11d46a24f2bc933797952dd0c0a1e6e7a363
- SSDEEP
  
  6144:WiJNJzLuupIW1GnFS0xmfKD5pw9rIjEUqbj8HmAkNp/4:5JNJzVpIRxmyD5pmUjE/j8GAk7/4
Score

8^/10

persistence evasion
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

evasionpersistence