a13c5b159b96a1a270a260617edce66c7a13cdd85ee3406032c25cdf1b3bf669 | Triage

Sharing

General

Target

09acbc29a773770217696c4ff0e96a45
Size

92KB
Sample

231230-bkjgdaafb9
MD5

09acbc29a773770217696c4ff0e96a45
SHA1

21a967bdcefa1ce3d2df38d7bf426ac2cec452db
SHA256

a13c5b159b96a1a270a260617edce66c7a13cdd85ee3406032c25cdf1b3bf669
SHA512

be2f7b817b13083323d7fbc67a42fe6d65766b64503a2361108a8856396a7aae863445d6e47c624603f9348ca68da3a8c758592bc01b7e22773436d7e23b7d97
SSDEEP

1536:MpuOO/aZ4LR8LbtoUVuRG5etgBaxXmB+EoC+1xv9tqGNiNW0Ne+zYJXza:MpPO/xLR8LbtVIAeCoC+D10NWy0Xu

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  09acbc29a773770217696c4ff0e96a45
- Size
  
  92KB
- MD5
  
  09acbc29a773770217696c4ff0e96a45
- SHA1
  
  21a967bdcefa1ce3d2df38d7bf426ac2cec452db
- SHA256
  
  a13c5b159b96a1a270a260617edce66c7a13cdd85ee3406032c25cdf1b3bf669
- SHA512
  
  be2f7b817b13083323d7fbc67a42fe6d65766b64503a2361108a8856396a7aae863445d6e47c624603f9348ca68da3a8c758592bc01b7e22773436d7e23b7d97
- SSDEEP
  
  1536:MpuOO/aZ4LR8LbtoUVuRG5etgBaxXmB+EoC+1xv9tqGNiNW0Ne+zYJXza:MpPO/xLR8LbtVIAeCoC+D10NWy0Xu
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2