gh0strat | aa92f65def527de28f2f6e956e4b4849b1e5e441919df86139e96221101a828b | Triage

Sharing

General

Target

aa92f65def527de28f2f6e956e4b4849b1e5e441919df86139e96221101a828b
Size

180KB
Sample

231012-f3mnzabg32
MD5

019231ec771e7404a8df6aacc002fbea
SHA1

a6ff0f4d8e8174e69b2e737f2908836f520e0efc
SHA256

aa92f65def527de28f2f6e956e4b4849b1e5e441919df86139e96221101a828b
SHA512

075e3afd8213833a163d7ab6e46286deeb9b71b1dd4e857db181591438485e20e7b625cae7bb200e9c34d208aebe2458eaad32570fee3bb1fb69d7c64629bb75
SSDEEP

3072:RblTMtIkyV+gXwabnWpXje3htTBfdMFw67+:RbmOk5+wCngXyRtTB1+L+

Score

10^/10

gh0strat persistence

Malware Config

Targets

- Target
  
  aa92f65def527de28f2f6e956e4b4849b1e5e441919df86139e96221101a828b
- Size
  
  180KB
- MD5
  
  019231ec771e7404a8df6aacc002fbea
- SHA1
  
  a6ff0f4d8e8174e69b2e737f2908836f520e0efc
- SHA256
  
  aa92f65def527de28f2f6e956e4b4849b1e5e441919df86139e96221101a828b
- SHA512
  
  075e3afd8213833a163d7ab6e46286deeb9b71b1dd4e857db181591438485e20e7b625cae7bb200e9c34d208aebe2458eaad32570fee3bb1fb69d7c64629bb75
- SSDEEP
  
  3072:RblTMtIkyV+gXwabnWpXje3htTBfdMFw67+:RbmOk5+wCngXyRtTB1+L+
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2