dec245690b87d93788cc8eff89021dd69f069a6e2a52dbce14e4b4952542a355 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38388b46b999eb04af32f6ffe5a3cb6d
Size

1.2MB
Sample

231225-x85v6sdch9
MD5

38388b46b999eb04af32f6ffe5a3cb6d
SHA1

c7628a8af84988b608dd03dce635fde70b815e1a
SHA256

dec245690b87d93788cc8eff89021dd69f069a6e2a52dbce14e4b4952542a355
SHA512

3f1ab02c1235afa14d46eb0065e26859a3156a34ed405fe3002705a9f432ec0d208db41fd969c6d621709165f4f2ffbf5576cde78b8a9fc07398352aff53ece8
SSDEEP

12288:5VrOL3zUFwNI8JGTnTcKyErfL3WICPi0ki3e5BQL:i3zzlsDW95eB

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  38388b46b999eb04af32f6ffe5a3cb6d
- Size
  
  1.2MB
- MD5
  
  38388b46b999eb04af32f6ffe5a3cb6d
- SHA1
  
  c7628a8af84988b608dd03dce635fde70b815e1a
- SHA256
  
  dec245690b87d93788cc8eff89021dd69f069a6e2a52dbce14e4b4952542a355
- SHA512
  
  3f1ab02c1235afa14d46eb0065e26859a3156a34ed405fe3002705a9f432ec0d208db41fd969c6d621709165f4f2ffbf5576cde78b8a9fc07398352aff53ece8
- SSDEEP
  
  12288:5VrOL3zUFwNI8JGTnTcKyErfL3WICPi0ki3e5BQL:i3zzlsDW95eB
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2