fd13cc1399ef919d4cbc53caa9d6e0e5894b341064b34017671a924b76fb5549 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

201ed0eae7d96307b3e5781744f5dee1
Size

2.6MB
Sample

231230-3jmaesdehl
MD5

201ed0eae7d96307b3e5781744f5dee1
SHA1

bfe4646f6285347d73edaec3572f4a98e408355f
SHA256

fd13cc1399ef919d4cbc53caa9d6e0e5894b341064b34017671a924b76fb5549
SHA512

649654d8cd2ac3e030d7c9e354169f3e47ae4a03cd88c104399f1bf7130db4e940a26a536fcca8b9872f76e03b0082ed9dd38bc83aae79a47a01a2c23b22f396
SSDEEP

49152:TeS12nRc6C5CEAHD26ICQVt1ULUQRP6a6YPkCLJ37xbIjNyX5Hxzl/i:6S+c6ZEmqCMtmoQRP6aZtnsNq9l/i

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  201ed0eae7d96307b3e5781744f5dee1
- Size
  
  2.6MB
- MD5
  
  201ed0eae7d96307b3e5781744f5dee1
- SHA1
  
  bfe4646f6285347d73edaec3572f4a98e408355f
- SHA256
  
  fd13cc1399ef919d4cbc53caa9d6e0e5894b341064b34017671a924b76fb5549
- SHA512
  
  649654d8cd2ac3e030d7c9e354169f3e47ae4a03cd88c104399f1bf7130db4e940a26a536fcca8b9872f76e03b0082ed9dd38bc83aae79a47a01a2c23b22f396
- SSDEEP
  
  49152:TeS12nRc6C5CEAHD26ICQVt1ULUQRP6a6YPkCLJ37xbIjNyX5Hxzl/i:6S+c6ZEmqCMtmoQRP6aZtnsNq9l/i
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2