f9d61f1953345a0da112b6653fbe72292c73ba8e67f875c0b60e0c8f05f4d024 | Triage

Sharing

General

Target

034952c93a87e5465783cea13800fbcd
Size

154KB
Sample

231229-zcwzhadfcj
MD5

034952c93a87e5465783cea13800fbcd
SHA1

f0fdb581db3183ea3d0a40f4e6386bb310dac4b8
SHA256

f9d61f1953345a0da112b6653fbe72292c73ba8e67f875c0b60e0c8f05f4d024
SHA512

1a8d85efd59936156c68fae0018aa6a65f6fb210edc620b703d4218136034165006022c0fdb87a29eeed738e9bf5a1f940bd81f29a2d94067cae3c8389673a90
SSDEEP

3072:r0Cc0k/A9aXfaOxMy/+wErSdhz2ZJsZ4CDl5sgqu3W+YlLsQ0i:rW0kXXfaOxMy/+wE6UZJsZ4Clqu3gL

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  034952c93a87e5465783cea13800fbcd
- Size
  
  154KB
- MD5
  
  034952c93a87e5465783cea13800fbcd
- SHA1
  
  f0fdb581db3183ea3d0a40f4e6386bb310dac4b8
- SHA256
  
  f9d61f1953345a0da112b6653fbe72292c73ba8e67f875c0b60e0c8f05f4d024
- SHA512
  
  1a8d85efd59936156c68fae0018aa6a65f6fb210edc620b703d4218136034165006022c0fdb87a29eeed738e9bf5a1f940bd81f29a2d94067cae3c8389673a90
- SSDEEP
  
  3072:r0Cc0k/A9aXfaOxMy/+wErSdhz2ZJsZ4CDl5sgqu3W+YlLsQ0i:rW0kXXfaOxMy/+wE6UZJsZ4Clqu3gL
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2