d25266028927dde67587f910a71f51d54337d660f13a2d11505442bce2b0e0c1 | Triage

Sharing

General

Target

36aefd285eb752c87bd5fdff8d05d919
Size

141KB
Sample

231231-p1rpksdhe9
MD5

36aefd285eb752c87bd5fdff8d05d919
SHA1

b58e33fa3350dcedbb6ff124b46cf9f8ef4ff6a8
SHA256

d25266028927dde67587f910a71f51d54337d660f13a2d11505442bce2b0e0c1
SHA512

128dc4831c7b8c4ddb15f66c2e18941254befaf2a36c0b2a7664f7022099aa02a615eb8c15ddb5459ace2bc1560e63970f4c5cb6add12c971eb1447843ef7906
SSDEEP

3072:eLwnl+PRZN3k7jH8YB5VhbdNOXeg5V/wMQdY:VliC7jcctD4/FQy

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  36aefd285eb752c87bd5fdff8d05d919
- Size
  
  141KB
- MD5
  
  36aefd285eb752c87bd5fdff8d05d919
- SHA1
  
  b58e33fa3350dcedbb6ff124b46cf9f8ef4ff6a8
- SHA256
  
  d25266028927dde67587f910a71f51d54337d660f13a2d11505442bce2b0e0c1
- SHA512
  
  128dc4831c7b8c4ddb15f66c2e18941254befaf2a36c0b2a7664f7022099aa02a615eb8c15ddb5459ace2bc1560e63970f4c5cb6add12c971eb1447843ef7906
- SSDEEP
  
  3072:eLwnl+PRZN3k7jH8YB5VhbdNOXeg5V/wMQdY:VliC7jcctD4/FQy
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2