16ecbb4c7d777c9174de85af9dd6f672ad484cb0bfd4da3018ac768fdd120172 | Triage

Sharing

General

Target

27a69ab14b60a27cb207624505f07ab5
Size

27KB
Sample

231231-esgvasgffr
MD5

27a69ab14b60a27cb207624505f07ab5
SHA1

a0301e76029138d5971fac10dd121098e16c5bc8
SHA256

16ecbb4c7d777c9174de85af9dd6f672ad484cb0bfd4da3018ac768fdd120172
SHA512

d79a32eaf8b16d0c106b0145a7b0bbda00389ed33292300e43c509a5f1fa44cf785cebfd8847c9f12257d4398f3d72637998b30f23ef53253aa6e0bcf6eff58b
SSDEEP

384:hvrwnbNjmFdh9cYwy8SWyEtrjcL3iE7p4KV68a6F/:9EnbNyq0XWNC7p4m68ak

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  27a69ab14b60a27cb207624505f07ab5
- Size
  
  27KB
- MD5
  
  27a69ab14b60a27cb207624505f07ab5
- SHA1
  
  a0301e76029138d5971fac10dd121098e16c5bc8
- SHA256
  
  16ecbb4c7d777c9174de85af9dd6f672ad484cb0bfd4da3018ac768fdd120172
- SHA512
  
  d79a32eaf8b16d0c106b0145a7b0bbda00389ed33292300e43c509a5f1fa44cf785cebfd8847c9f12257d4398f3d72637998b30f23ef53253aa6e0bcf6eff58b
- SSDEEP
  
  384:hvrwnbNjmFdh9cYwy8SWyEtrjcL3iE7p4KV68a6F/:9EnbNyq0XWNC7p4m68ak
Score

8^/10

persistence
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2