bf8581758186ff463a24b16bc1c081ba521af637a141c639645a9d0c3cf05d29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22f45e5011d16989baaa64026ed62b9b
Size

460KB
Sample

231231-byfbwageb7
MD5

22f45e5011d16989baaa64026ed62b9b
SHA1

73374f4946a23a700f8630b20b7874ae1597f45f
SHA256

bf8581758186ff463a24b16bc1c081ba521af637a141c639645a9d0c3cf05d29
SHA512

beb861ef6e197ba3ecf4dbe7db707710f2e57c269e085258b01fad8343d6414c4593100c2853e1b8760e700d3bdee84879185324fa5ae8d49b27dd5897e840df
SSDEEP

12288:ArRPiSpCSBb+M9cpRLkHhZJofEqgeT35c:s4Spniscpi3hqzc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  22f45e5011d16989baaa64026ed62b9b
- Size
  
  460KB
- MD5
  
  22f45e5011d16989baaa64026ed62b9b
- SHA1
  
  73374f4946a23a700f8630b20b7874ae1597f45f
- SHA256
  
  bf8581758186ff463a24b16bc1c081ba521af637a141c639645a9d0c3cf05d29
- SHA512
  
  beb861ef6e197ba3ecf4dbe7db707710f2e57c269e085258b01fad8343d6414c4593100c2853e1b8760e700d3bdee84879185324fa5ae8d49b27dd5897e840df
- SSDEEP
  
  12288:ArRPiSpCSBb+M9cpRLkHhZJofEqgeT35c:s4Spniscpi3hqzc
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2