eb4f5975f3707dd4747816a1df8ae426c53fa74ff5655fb735f65eac77312193 | Triage

Sharing

General

Target

2c9b02f70f403a77bf8bc134847eeaf5
Size

3.7MB
Sample

231231-ht7nwsbhej
MD5

2c9b02f70f403a77bf8bc134847eeaf5
SHA1

aae89f708e380c270c0495491ab10e696920d5d8
SHA256

eb4f5975f3707dd4747816a1df8ae426c53fa74ff5655fb735f65eac77312193
SHA512

5a987dc54c1c4233f2fbe86feb0b8c926b3a72a162675600b34706bd995d0b4178d6035e001b253366f981feb6909f7c190e3f0568eb46f12c056093338d938f
SSDEEP

98304:lWZ+WFlt0g9nfsTDTTa2zMiA4dHjrmtsxw9nn:luDj0g96nNzMiA4hmOw9n

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2c9b02f70f403a77bf8bc134847eeaf5
- Size
  
  3.7MB
- MD5
  
  2c9b02f70f403a77bf8bc134847eeaf5
- SHA1
  
  aae89f708e380c270c0495491ab10e696920d5d8
- SHA256
  
  eb4f5975f3707dd4747816a1df8ae426c53fa74ff5655fb735f65eac77312193
- SHA512
  
  5a987dc54c1c4233f2fbe86feb0b8c926b3a72a162675600b34706bd995d0b4178d6035e001b253366f981feb6909f7c190e3f0568eb46f12c056093338d938f
- SSDEEP
  
  98304:lWZ+WFlt0g9nfsTDTTa2zMiA4dHjrmtsxw9nn:luDj0g96nNzMiA4hmOw9n
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2