11408eaf3571b1974ac33c765eb5062da57d6b2e621fbe0753caa7a3f14a5cc3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a47f48fdd5a79c6c9725ded935c0e7c
Size

54KB
Sample

231230-b1hj1sedh9
MD5

0a47f48fdd5a79c6c9725ded935c0e7c
SHA1

9eaed5e9e4fc98dbd41fa8d178cac722ca83b91b
SHA256

11408eaf3571b1974ac33c765eb5062da57d6b2e621fbe0753caa7a3f14a5cc3
SHA512

ecb8e69cf73c0e333908ac930a3313cfafe80221ffbf85e9795f920307495d2778d52352690dd49b7725d9bc4e7e3c2b75470ae128925791d88f8234135648a1
SSDEEP

1536:yOHFItPZDq3o7+2lDmVgf34LYHMkpoATvOhoof9Q7:yg6BqY7+Emgf3OkpRvYI

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0a47f48fdd5a79c6c9725ded935c0e7c
- Size
  
  54KB
- MD5
  
  0a47f48fdd5a79c6c9725ded935c0e7c
- SHA1
  
  9eaed5e9e4fc98dbd41fa8d178cac722ca83b91b
- SHA256
  
  11408eaf3571b1974ac33c765eb5062da57d6b2e621fbe0753caa7a3f14a5cc3
- SHA512
  
  ecb8e69cf73c0e333908ac930a3313cfafe80221ffbf85e9795f920307495d2778d52352690dd49b7725d9bc4e7e3c2b75470ae128925791d88f8234135648a1
- SSDEEP
  
  1536:yOHFItPZDq3o7+2lDmVgf34LYHMkpoATvOhoof9Q7:yg6BqY7+Emgf3OkpRvYI
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence