27fed9534ccb16e3aa3ba9b7cdc80b0da0ae3b230228a65544447e5d9aace336 | Triage

Sharing

General

Target

7eabbfe1f9610f75ff06afa88435fa1d
Size

301KB
Sample

231226-vjddhsgad7
MD5

7eabbfe1f9610f75ff06afa88435fa1d
SHA1

30321fc8d3c7438ca647af978bd717bb276e1f1a
SHA256

27fed9534ccb16e3aa3ba9b7cdc80b0da0ae3b230228a65544447e5d9aace336
SHA512

e11beab136fe9072e5a417583d3fdac48cc300e8d934313f99ec55ae28ad8293d1bda09bef9c86eaf7eb9f529413f400616d4bc8a6e0ed5afb23e6226ca11973
SSDEEP

6144:oAUUyJ6UztVT59mxcVXdkr9EAa0szsBmVMM8/w:oAmVT6c/1Rf

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  7eabbfe1f9610f75ff06afa88435fa1d
- Size
  
  301KB
- MD5
  
  7eabbfe1f9610f75ff06afa88435fa1d
- SHA1
  
  30321fc8d3c7438ca647af978bd717bb276e1f1a
- SHA256
  
  27fed9534ccb16e3aa3ba9b7cdc80b0da0ae3b230228a65544447e5d9aace336
- SHA512
  
  e11beab136fe9072e5a417583d3fdac48cc300e8d934313f99ec55ae28ad8293d1bda09bef9c86eaf7eb9f529413f400616d4bc8a6e0ed5afb23e6226ca11973
- SSDEEP
  
  6144:oAUUyJ6UztVT59mxcVXdkr9EAa0szsBmVMM8/w:oAmVT6c/1Rf
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2