gh0strat | d338a3fe7790bad1d5aa379ef19d1a32edebe8505e3207c7b19725e4e45dc21d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d338a3fe7790bad1d5aa379ef19d1a32edebe8505e3207c7b19725e4e45dc21d
Size

180KB
Sample

230902-pfpz9adb64
MD5

1e56b758efe93ded8ae7f3d6b939fc5e
SHA1

423ed81bb1a7a2b2c181fa05e842b327aa9bc907
SHA256

d338a3fe7790bad1d5aa379ef19d1a32edebe8505e3207c7b19725e4e45dc21d
SHA512

cd615b8a6cd8c20e4c3a1e96733e357b21d97d12f1800f42b31b4d4b3f1b9958bd39296e84ee1212150d169f7d477762fe1fbe03c9c97db98e30eeb38b288a31
SSDEEP

3072:Fh9Z2UY0QdbA1k+p416NQmKLXZm3kkgtTBfRnMFw0PC:FhuUZQdb924I9SXM7gtTBV+xC

Score

10^/10

gh0strat persistence

Malware Config

Targets

- Target
  
  d338a3fe7790bad1d5aa379ef19d1a32edebe8505e3207c7b19725e4e45dc21d
- Size
  
  180KB
- MD5
  
  1e56b758efe93ded8ae7f3d6b939fc5e
- SHA1
  
  423ed81bb1a7a2b2c181fa05e842b327aa9bc907
- SHA256
  
  d338a3fe7790bad1d5aa379ef19d1a32edebe8505e3207c7b19725e4e45dc21d
- SHA512
  
  cd615b8a6cd8c20e4c3a1e96733e357b21d97d12f1800f42b31b4d4b3f1b9958bd39296e84ee1212150d169f7d477762fe1fbe03c9c97db98e30eeb38b288a31
- SSDEEP
  
  3072:Fh9Z2UY0QdbA1k+p416NQmKLXZm3kkgtTBfRnMFw0PC:FhuUZQdb924I9SXM7gtTBV+xC
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2