24df9e16089f20d2c3388a5decff09143930a28fb9b14abd165ef8c2389749d6 | Triage

Sharing

General

Target

14d94b9e3107b726cf14ea686420210c
Size

836KB
Sample

231230-lqy45adga2
MD5

14d94b9e3107b726cf14ea686420210c
SHA1

6f458076e34fd6ba779fef033274cbdc81268411
SHA256

24df9e16089f20d2c3388a5decff09143930a28fb9b14abd165ef8c2389749d6
SHA512

1881064e4d76ede52451e1d6406d27dc88c6a2d9658a72bb32506bbcf20454df5cce75921c9c489907394ff61ecefa9666cb85420695e16f0a2b6535a1bb3b07
SSDEEP

24576:rjh+EbVcvgbdEnDiDxPnLmEKZhZ4KkX3b:rF+ERcvnilPnCEKW3b

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  14d94b9e3107b726cf14ea686420210c
- Size
  
  836KB
- MD5
  
  14d94b9e3107b726cf14ea686420210c
- SHA1
  
  6f458076e34fd6ba779fef033274cbdc81268411
- SHA256
  
  24df9e16089f20d2c3388a5decff09143930a28fb9b14abd165ef8c2389749d6
- SHA512
  
  1881064e4d76ede52451e1d6406d27dc88c6a2d9658a72bb32506bbcf20454df5cce75921c9c489907394ff61ecefa9666cb85420695e16f0a2b6535a1bb3b07
- SSDEEP
  
  24576:rjh+EbVcvgbdEnDiDxPnLmEKZhZ4KkX3b:rF+ERcvnilPnCEKW3b
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2