71f26ec4de6a595881a1a235e29ffea8a4b0794000ffb780c2fe37e98ca34c76 | Triage

Sharing

General

Target

54d1ea41db69c34d3704c96515d5b1e9
Size

300KB
Sample

231226-e9vsgsgbc3
MD5

54d1ea41db69c34d3704c96515d5b1e9
SHA1

25dada3cbd9b0a683a65df884cd76dc41897d219
SHA256

71f26ec4de6a595881a1a235e29ffea8a4b0794000ffb780c2fe37e98ca34c76
SHA512

864a24cb79bbc270cdd49c5fbb81c54f6243be2734b1834842e7219ce47c889e2f4c2b6d0f87326d775029dc87d2c9efbd2fe3f0383a62520cb27a04c988581a
SSDEEP

6144:RRLLNYTpkl9B1erzj1GY8/xA/iWHhblby8/1CaZSA/7bT0n/yX9:RstkJ1Qzj1GY8u/Nxlbyg1N/fTKyX9

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  54d1ea41db69c34d3704c96515d5b1e9
- Size
  
  300KB
- MD5
  
  54d1ea41db69c34d3704c96515d5b1e9
- SHA1
  
  25dada3cbd9b0a683a65df884cd76dc41897d219
- SHA256
  
  71f26ec4de6a595881a1a235e29ffea8a4b0794000ffb780c2fe37e98ca34c76
- SHA512
  
  864a24cb79bbc270cdd49c5fbb81c54f6243be2734b1834842e7219ce47c889e2f4c2b6d0f87326d775029dc87d2c9efbd2fe3f0383a62520cb27a04c988581a
- SSDEEP
  
  6144:RRLLNYTpkl9B1erzj1GY8/xA/iWHhblby8/1CaZSA/7bT0n/yX9:RstkJ1Qzj1GY8u/Nxlbyg1N/fTKyX9
Score

10^/10

evasion
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2