General
-
Target
03735c07ce73fc89615223a3107f20c7
-
Size
103KB
-
Sample
231229-zgyznahhb4
-
MD5
03735c07ce73fc89615223a3107f20c7
-
SHA1
a39e16bc9387c4ea3dbb0669c1363a167baa15c4
-
SHA256
7f5eb389aa6e188ed32de31adc4679492fc5054a808d3de9a7a99b031fa8be0a
-
SHA512
aa320a3b47927c22f859f780b403ea785c0872e4d37675070d685f5393c917fe665889dd76f5baf3548320f1e26208d5e382853970dac27da44efb966f8f5273
-
SSDEEP
3072:Tth7C3R5r0fTBJ9uouQQdI8GekLEwNrGPvbH6w:TthElKlJ9NuQQdIVekZrMvba
Malware Config
Targets
-
-
Target
03735c07ce73fc89615223a3107f20c7
-
Size
103KB
-
MD5
03735c07ce73fc89615223a3107f20c7
-
SHA1
a39e16bc9387c4ea3dbb0669c1363a167baa15c4
-
SHA256
7f5eb389aa6e188ed32de31adc4679492fc5054a808d3de9a7a99b031fa8be0a
-
SHA512
aa320a3b47927c22f859f780b403ea785c0872e4d37675070d685f5393c917fe665889dd76f5baf3548320f1e26208d5e382853970dac27da44efb966f8f5273
-
SSDEEP
3072:Tth7C3R5r0fTBJ9uouQQdI8GekLEwNrGPvbH6w:TthElKlJ9NuQQdIVekZrMvba
Score10/10-
Modifies firewall policy service
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2