dcb4e4d100cbd575d48718c55a90071b39d5d74a5cf74e1c6bfc97122932013e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11f3e965c1e509c78e2061794d7a3a85
Size

320KB
Sample

231230-h5htxacbg7
MD5

11f3e965c1e509c78e2061794d7a3a85
SHA1

b528ebd1f79fcc55d6a2352768f9d25cfdf2d2de
SHA256

dcb4e4d100cbd575d48718c55a90071b39d5d74a5cf74e1c6bfc97122932013e
SHA512

1be6c573f4fb4fea357adc80360390fd4d57ef216338348f3427f44130b2b17fa73f0c42b8de83467b97098bd002ec595c8565dad8f83ea91c18b4fa1de02254
SSDEEP

6144:uTp5qUpSjri0iX0PyjS6w98EwJwqptCdeTg:uTHqUSfBikF6wOjntCdeT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  11f3e965c1e509c78e2061794d7a3a85
- Size
  
  320KB
- MD5
  
  11f3e965c1e509c78e2061794d7a3a85
- SHA1
  
  b528ebd1f79fcc55d6a2352768f9d25cfdf2d2de
- SHA256
  
  dcb4e4d100cbd575d48718c55a90071b39d5d74a5cf74e1c6bfc97122932013e
- SHA512
  
  1be6c573f4fb4fea357adc80360390fd4d57ef216338348f3427f44130b2b17fa73f0c42b8de83467b97098bd002ec595c8565dad8f83ea91c18b4fa1de02254
- SSDEEP
  
  6144:uTp5qUpSjri0iX0PyjS6w98EwJwqptCdeTg:uTHqUSfBikF6wOjntCdeT
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2