d4beb91ac337e80c7b3bed086e7ea6a87582585fdc0cfe14b167720946bc67e2 | Triage

Sharing

General

Target

BaffLoader.exe
Size

639KB
Sample

231029-pgd95she39
MD5

de6eb777a721e8113faa342b51188564
SHA1

1b642b90d677da09ef90dba28b458bf667365754
SHA256

d4beb91ac337e80c7b3bed086e7ea6a87582585fdc0cfe14b167720946bc67e2
SHA512

241fd4c81bd3794a73b0371839e0c6e7f341e6ce8b12a47992ebfdeef16f3bd58a39e9253805121e60921627689e0695f64215f6f1acacc157fbf29fed6a0aea
SSDEEP

12288:rGzLjAdIKHAE0X8H74vSukNPILjLJtiQwORvVRLg:MLjAdIK50Xmhukt0jmwvVR

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  BaffLoader.exe
- Size
  
  639KB
- MD5
  
  de6eb777a721e8113faa342b51188564
- SHA1
  
  1b642b90d677da09ef90dba28b458bf667365754
- SHA256
  
  d4beb91ac337e80c7b3bed086e7ea6a87582585fdc0cfe14b167720946bc67e2
- SHA512
  
  241fd4c81bd3794a73b0371839e0c6e7f341e6ce8b12a47992ebfdeef16f3bd58a39e9253805121e60921627689e0695f64215f6f1acacc157fbf29fed6a0aea
- SSDEEP
  
  12288:rGzLjAdIKHAE0X8H74vSukNPILjLJtiQwORvVRLg:MLjAdIK50Xmhukt0jmwvVR
Score

8^/10

evasion
- Stops running service(s)
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1