16cce51c4e31e9443595d66fbbc2ad93b383e0a77971bd8888257723e8b70e5f | Triage

Sharing

General

Target

31c41bc2b7f17984c98d14332171b98b
Size

120KB
Sample

231231-lyjpeaabb3
MD5

31c41bc2b7f17984c98d14332171b98b
SHA1

3bb37091531085a0c29fda231c5f7914e29d1a93
SHA256

16cce51c4e31e9443595d66fbbc2ad93b383e0a77971bd8888257723e8b70e5f
SHA512

4125fc33c1f2a4a9a227cc9da8769e0668dc27844a803f436bd973e431dbdd2126cb278ac656b842b90031ab8fa5a62fbc6bbc6c2c4e2f14d20fa5df44db15ff
SSDEEP

3072:J1ODw4nRgmcU+0OeIq2QQvvQcSFcVBY7sIo3:JmwVmcUtOI/fFIsY3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  31c41bc2b7f17984c98d14332171b98b
- Size
  
  120KB
- MD5
  
  31c41bc2b7f17984c98d14332171b98b
- SHA1
  
  3bb37091531085a0c29fda231c5f7914e29d1a93
- SHA256
  
  16cce51c4e31e9443595d66fbbc2ad93b383e0a77971bd8888257723e8b70e5f
- SHA512
  
  4125fc33c1f2a4a9a227cc9da8769e0668dc27844a803f436bd973e431dbdd2126cb278ac656b842b90031ab8fa5a62fbc6bbc6c2c4e2f14d20fa5df44db15ff
- SSDEEP
  
  3072:J1ODw4nRgmcU+0OeIq2QQvvQcSFcVBY7sIo3:JmwVmcUtOI/fFIsY3
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2