52205aed6177a157d3136640ba26df6ae7330937dde73e90a0cef3b8afcc026b | Triage

Sharing

General

Target

6e3c5ff99abe08db0a963553cabf295a
Size

48KB
Sample

231226-pkz11scaa9
MD5

6e3c5ff99abe08db0a963553cabf295a
SHA1

a4d7778a983151c6ab3264cf67b55077515970ce
SHA256

52205aed6177a157d3136640ba26df6ae7330937dde73e90a0cef3b8afcc026b
SHA512

fb906e2c72f9c0240270e9c84574cf145a69792cec96440c0fa14fc245433972924013a929841dd3d0296e4de7ccbcb3972f67beffb7e326eddd55ca29b79977
SSDEEP

768:G5j7oznv4IC7TniaofvGZBG5VoPLUH2KI22D6N3YwB8ZBX:qjcznvDjaofvCBG5Q9K8D6N3L8ZV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6e3c5ff99abe08db0a963553cabf295a
- Size
  
  48KB
- MD5
  
  6e3c5ff99abe08db0a963553cabf295a
- SHA1
  
  a4d7778a983151c6ab3264cf67b55077515970ce
- SHA256
  
  52205aed6177a157d3136640ba26df6ae7330937dde73e90a0cef3b8afcc026b
- SHA512
  
  fb906e2c72f9c0240270e9c84574cf145a69792cec96440c0fa14fc245433972924013a929841dd3d0296e4de7ccbcb3972f67beffb7e326eddd55ca29b79977
- SSDEEP
  
  768:G5j7oznv4IC7TniaofvGZBG5VoPLUH2KI22D6N3YwB8ZBX:qjcznvDjaofvCBG5Q9K8D6N3L8ZV
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2