ea2efbc48f7257e184a90e50698640df4afccf383e977e1f21b3dedcd2040ae7 | Triage

Sharing

General

Target

24252e6b573e398f3161fb58bdccce1b
Size

136KB
Sample

231231-cpdx5affc5
MD5

24252e6b573e398f3161fb58bdccce1b
SHA1

5964ee2c21cd3f331e1661f78df983a4dace6a29
SHA256

ea2efbc48f7257e184a90e50698640df4afccf383e977e1f21b3dedcd2040ae7
SHA512

4566b08f24bf3f2d913c3814c53ab7c515231b6bd0fe4adf1f0c3e7ae312342395e68b5c4c1184d424832ee4a55d25251b6fb8d763f7f5b626aa06dfcce4f921
SSDEEP

3072:zrnnbX8b3xcFKpcgtHonOkeD4eNhn8iTS2nIM64:zrz8bZpxtEOlD468i/IV

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  24252e6b573e398f3161fb58bdccce1b
- Size
  
  136KB
- MD5
  
  24252e6b573e398f3161fb58bdccce1b
- SHA1
  
  5964ee2c21cd3f331e1661f78df983a4dace6a29
- SHA256
  
  ea2efbc48f7257e184a90e50698640df4afccf383e977e1f21b3dedcd2040ae7
- SHA512
  
  4566b08f24bf3f2d913c3814c53ab7c515231b6bd0fe4adf1f0c3e7ae312342395e68b5c4c1184d424832ee4a55d25251b6fb8d763f7f5b626aa06dfcce4f921
- SSDEEP
  
  3072:zrnnbX8b3xcFKpcgtHonOkeD4eNhn8iTS2nIM64:zrz8bZpxtEOlD468i/IV
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence