26dde0541c8481c91f2c7f5e7c0bd632d617b8a68a61f8e3564dbe58eee64586 | Triage

Sharing

General

Target

36f2527058d6d52571985fca36c4fe68
Size

170KB
Sample

231231-p6ra1adcfq
MD5

36f2527058d6d52571985fca36c4fe68
SHA1

28ff6c786b5e5e89b6e522822f75fefcff09ffa2
SHA256

26dde0541c8481c91f2c7f5e7c0bd632d617b8a68a61f8e3564dbe58eee64586
SHA512

3cd78d68fed6197ad9b999274f0f64b601cf276debf61e468bc1b4b103517ab1c4ba075b71d5c6fcce34a5f7bdd6d6ef0c58e979eafae12ad4ce762e87ea8192
SSDEEP

3072:JdBrVNemRG5Q6zsC2Yt0RHJamXJob0KuJ48Me42tQFMm7svYD+:/gmkFFQptaQt48Mz2tQFb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  36f2527058d6d52571985fca36c4fe68
- Size
  
  170KB
- MD5
  
  36f2527058d6d52571985fca36c4fe68
- SHA1
  
  28ff6c786b5e5e89b6e522822f75fefcff09ffa2
- SHA256
  
  26dde0541c8481c91f2c7f5e7c0bd632d617b8a68a61f8e3564dbe58eee64586
- SHA512
  
  3cd78d68fed6197ad9b999274f0f64b601cf276debf61e468bc1b4b103517ab1c4ba075b71d5c6fcce34a5f7bdd6d6ef0c58e979eafae12ad4ce762e87ea8192
- SSDEEP
  
  3072:JdBrVNemRG5Q6zsC2Yt0RHJamXJob0KuJ48Me42tQFMm7svYD+:/gmkFFQptaQt48Mz2tQFb
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Registers COM server for autorun
  persistence
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2