f7b5dce5ff69b8569541e9f74d790dc8726470d38c3d2d77bd43c4221db0151a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3744fecf4bba2fc3a6c59b33efe30a39
Size

116KB
Sample

231231-qcn48afcgr
MD5

3744fecf4bba2fc3a6c59b33efe30a39
SHA1

53a08fc3c0fe868f14f01a29a66f8de4c189c7dc
SHA256

f7b5dce5ff69b8569541e9f74d790dc8726470d38c3d2d77bd43c4221db0151a
SHA512

cecbf95dd6593e69c0afaa9d2d9f330ee6e69fef2dfdd5314b0d4cf2fcde7c20799ef007698a5dba2e8e671c0b12def489693dce6861cfd0373f9dda26ae9b1f
SSDEEP

1536:O/RG+YDE180o1YfkDklKKRUu58RrQoIu7Hg1UwvlWQTQTSro9:O8N70EYHSu58mDUhwvdLrE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3744fecf4bba2fc3a6c59b33efe30a39
- Size
  
  116KB
- MD5
  
  3744fecf4bba2fc3a6c59b33efe30a39
- SHA1
  
  53a08fc3c0fe868f14f01a29a66f8de4c189c7dc
- SHA256
  
  f7b5dce5ff69b8569541e9f74d790dc8726470d38c3d2d77bd43c4221db0151a
- SHA512
  
  cecbf95dd6593e69c0afaa9d2d9f330ee6e69fef2dfdd5314b0d4cf2fcde7c20799ef007698a5dba2e8e671c0b12def489693dce6861cfd0373f9dda26ae9b1f
- SSDEEP
  
  1536:O/RG+YDE180o1YfkDklKKRUu58RrQoIu7Hg1UwvlWQTQTSro9:O8N70EYHSu58mDUhwvdLrE
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2