513a984b5de35c83558f0c0d336619b0fb0a00f5ecd2fc4ccfabcf3d8ef191ac | Triage

Sharing

General

Target

bcb07215167cca65d7fa20884c819f20_exe32.exe
Size

516KB
Sample

231015-yfx6asgb58
MD5

bcb07215167cca65d7fa20884c819f20
SHA1

236f145456a6bb808aea131a44e0051899bb725d
SHA256

513a984b5de35c83558f0c0d336619b0fb0a00f5ecd2fc4ccfabcf3d8ef191ac
SHA512

cace699ecbaa398c7f15de5c1ce38f7bd66cfc3179047c55b9fa1416bc0d8483d843d01c38be403342a7390617f3b5d526df1c2e8ff8aca23f21fe2f49cc2ff5
SSDEEP

12288:1emPl1dtgvyiPiAw/P6mlZoLoWZerTdZKP9DOMAw:MExmvNPxw/7XoUWumxft

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bcb07215167cca65d7fa20884c819f20_exe32.exe
- Size
  
  516KB
- MD5
  
  bcb07215167cca65d7fa20884c819f20
- SHA1
  
  236f145456a6bb808aea131a44e0051899bb725d
- SHA256
  
  513a984b5de35c83558f0c0d336619b0fb0a00f5ecd2fc4ccfabcf3d8ef191ac
- SHA512
  
  cace699ecbaa398c7f15de5c1ce38f7bd66cfc3179047c55b9fa1416bc0d8483d843d01c38be403342a7390617f3b5d526df1c2e8ff8aca23f21fe2f49cc2ff5
- SSDEEP
  
  12288:1emPl1dtgvyiPiAw/P6mlZoLoWZerTdZKP9DOMAw:MExmvNPxw/7XoUWumxft
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence