e60e5ab66a2c80da67b63f74e8c5a3e94f43a3fc79efd69a525b140572c4a766 | Triage

Sharing

General

Target

e60e5ab66a2c80da67b63f74e8c5a3e94f43a3fc79efd69a525b140572c4a766
Size

1.5MB
Sample

230330-qdz8wacg54
MD5

c2ecd8425110620f8f6451e3b6bda838
SHA1

00eca57dbd38dbd97b21e19ebaf451ab412189be
SHA256

e60e5ab66a2c80da67b63f74e8c5a3e94f43a3fc79efd69a525b140572c4a766
SHA512

7f88a3c9c1e75fe4421805190099484af662e8dfc646e49c30a777ecf82a6ba2955505bbd3aac31da2ec712f2960faa43e2f6b1512e1ce3b59459d6984c1d442
SSDEEP

49152:GnnSosNlOlf/kbsoiZjYuBRRM9OZ7ipr27fCEfO+:GnSoEOVkbOjY0PM9aK2+a

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e60e5ab66a2c80da67b63f74e8c5a3e94f43a3fc79efd69a525b140572c4a766
- Size
  
  1.5MB
- MD5
  
  c2ecd8425110620f8f6451e3b6bda838
- SHA1
  
  00eca57dbd38dbd97b21e19ebaf451ab412189be
- SHA256
  
  e60e5ab66a2c80da67b63f74e8c5a3e94f43a3fc79efd69a525b140572c4a766
- SHA512
  
  7f88a3c9c1e75fe4421805190099484af662e8dfc646e49c30a777ecf82a6ba2955505bbd3aac31da2ec712f2960faa43e2f6b1512e1ce3b59459d6984c1d442
- SSDEEP
  
  49152:GnnSosNlOlf/kbsoiZjYuBRRM9OZ7ipr27fCEfO+:GnSoEOVkbOjY0PM9aK2+a
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence