cb77b380bd2d878c9b09584563f17706e7c41f59121efad14ec2990fe1cce991 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f44a70765345c7be8505e1902750d27
Size

210KB
Sample

231226-dqefqadfap
MD5

4f44a70765345c7be8505e1902750d27
SHA1

a81b876ed52f91e57042a6330f37acc3cc3c3300
SHA256

cb77b380bd2d878c9b09584563f17706e7c41f59121efad14ec2990fe1cce991
SHA512

c7de369fb3a7380cb968b26152dcee9ebeac7cfa42130e17b2a3f2c938ff5bd1978e361a35d2a2b719aece22442f8f060990c21dedeadcece7c5278fc9173c64
SSDEEP

3072:+oOx0EXvLK5TPRgARMlMUdp47hcTgxtnnccfK49+tBxWME/UOAQxpFQKb:+oOhvkTPapJ4bt0tBAXF5pqK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4f44a70765345c7be8505e1902750d27
- Size
  
  210KB
- MD5
  
  4f44a70765345c7be8505e1902750d27
- SHA1
  
  a81b876ed52f91e57042a6330f37acc3cc3c3300
- SHA256
  
  cb77b380bd2d878c9b09584563f17706e7c41f59121efad14ec2990fe1cce991
- SHA512
  
  c7de369fb3a7380cb968b26152dcee9ebeac7cfa42130e17b2a3f2c938ff5bd1978e361a35d2a2b719aece22442f8f060990c21dedeadcece7c5278fc9173c64
- SSDEEP
  
  3072:+oOx0EXvLK5TPRgARMlMUdp47hcTgxtnnccfK49+tBxWME/UOAQxpFQKb:+oOhvkTPapJ4bt0tBAXF5pqK
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2