4b3d290006cbb2cff8541ca29c58b3eb13a4732c56c5a15ae9d7252015d11db8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37d66d3f027b386a9a8c974eb8e972ef
Size

276KB
Sample

231231-qmkvjsafcq
MD5

37d66d3f027b386a9a8c974eb8e972ef
SHA1

cf87c3394d21dcc7b971f8478f72d74a6851da73
SHA256

4b3d290006cbb2cff8541ca29c58b3eb13a4732c56c5a15ae9d7252015d11db8
SHA512

ebcf60a3cdd6cde2ad561b337037b0010c75a5bf7663b222bc084d88dd7ed3579e3fffea3ad8a87a1bc64df92ae2b91cf03b355ffc56f007942f0b4943ad5157
SSDEEP

768:ZMC4PC/DW0FOkaWuNRjjs5JS9oFx74Juw4eAW8/5Ec+o9zbFSh:74YFOkXuNRjWJx7zw4FW25EcN9gh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  37d66d3f027b386a9a8c974eb8e972ef
- Size
  
  276KB
- MD5
  
  37d66d3f027b386a9a8c974eb8e972ef
- SHA1
  
  cf87c3394d21dcc7b971f8478f72d74a6851da73
- SHA256
  
  4b3d290006cbb2cff8541ca29c58b3eb13a4732c56c5a15ae9d7252015d11db8
- SHA512
  
  ebcf60a3cdd6cde2ad561b337037b0010c75a5bf7663b222bc084d88dd7ed3579e3fffea3ad8a87a1bc64df92ae2b91cf03b355ffc56f007942f0b4943ad5157
- SSDEEP
  
  768:ZMC4PC/DW0FOkaWuNRjjs5JS9oFx74Juw4eAW8/5Ec+o9zbFSh:74YFOkXuNRjWJx7zw4FW25EcN9gh
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies AppInit DLL entries
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence