5369003daa77507d79628676fa319f9c8e82f6f678b538d04700eeae11ae0a9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

212a8a1e097e2045fe6d1c32a78d4abd
Size

3.6MB
Sample

231231-af667sdch4
MD5

212a8a1e097e2045fe6d1c32a78d4abd
SHA1

368fe92a550f6b12bc9a478a2d65fdb4e345b44f
SHA256

5369003daa77507d79628676fa319f9c8e82f6f678b538d04700eeae11ae0a9c
SHA512

a0b2b2761c8cf69b8542dc6699c8e025ecad6aaffd011523f4f5f3d3936c177281ca7451fe6dad233dc4deb46ddcd10ba9426cad8d94c5802efbce4cd0a23411
SSDEEP

98304:LqmNGrFOBnHFdmLSPjryjgo4r13XiH8lxJP2F3KCgrMI:B4sHF2iq0o4rg8FPe5C

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  212a8a1e097e2045fe6d1c32a78d4abd
- Size
  
  3.6MB
- MD5
  
  212a8a1e097e2045fe6d1c32a78d4abd
- SHA1
  
  368fe92a550f6b12bc9a478a2d65fdb4e345b44f
- SHA256
  
  5369003daa77507d79628676fa319f9c8e82f6f678b538d04700eeae11ae0a9c
- SHA512
  
  a0b2b2761c8cf69b8542dc6699c8e025ecad6aaffd011523f4f5f3d3936c177281ca7451fe6dad233dc4deb46ddcd10ba9426cad8d94c5802efbce4cd0a23411
- SSDEEP
  
  98304:LqmNGrFOBnHFdmLSPjryjgo4r13XiH8lxJP2F3KCgrMI:B4sHF2iq0o4rg8FPe5C
Score

8^/10

evasion persistence
- Stops running service(s)
  evasion
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2