41be38d763967f109475ae8bc137905186d0c4c5cbc20987e62e3ffb27bffbae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1442402db0f913a9db12a4155c98d767
Size

116KB
Sample

231230-k8nknsaad5
MD5

1442402db0f913a9db12a4155c98d767
SHA1

23a9e701c5647e4437899cdde319d232a83f1482
SHA256

41be38d763967f109475ae8bc137905186d0c4c5cbc20987e62e3ffb27bffbae
SHA512

348087301a3e572cf042328bb1c57569e8c6b476a749a68512abe1477f2677651fa7534792e3ecb0bb8b6ce829fdb1a136cdcd0625bee21b785da299fc01a97e
SSDEEP

1536:bfsG+8DE180o1YfkDklKKR1D5O+1UjZMfBkUY+qILiETYoDDgU31:bvB70EYH7D5OoBB39TYofga1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1442402db0f913a9db12a4155c98d767
- Size
  
  116KB
- MD5
  
  1442402db0f913a9db12a4155c98d767
- SHA1
  
  23a9e701c5647e4437899cdde319d232a83f1482
- SHA256
  
  41be38d763967f109475ae8bc137905186d0c4c5cbc20987e62e3ffb27bffbae
- SHA512
  
  348087301a3e572cf042328bb1c57569e8c6b476a749a68512abe1477f2677651fa7534792e3ecb0bb8b6ce829fdb1a136cdcd0625bee21b785da299fc01a97e
- SSDEEP
  
  1536:bfsG+8DE180o1YfkDklKKR1D5O+1UjZMfBkUY+qILiETYoDDgU31:bvB70EYH7D5OoBB39TYofga1
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2