General
-
Target
469c894ae9f8265bb67c747d7031583c.exe
-
Size
96KB
-
Sample
240103-spxy1affaq
-
MD5
469c894ae9f8265bb67c747d7031583c
-
SHA1
581bf8a22c186492168a74f18bbf3dd0256f99de
-
SHA256
81831e95c268aa5f19f71bb63814b7f5f2ab8d574d73445493fa672480cda73a
-
SHA512
6adaeab42ef5d14e44060c00ef15f6f8f5734faa89c9677143e06c44ed5419710a049f986821d87b64c00a4f423760e119b3c2336ddffb4b55b9250cc95a32c3
-
SSDEEP
1536:pw2CSU+mhjmxXf7bJP/EARUEWGt6rgVpuUVRlcmQPkUB:yjVhcXf75/FRUHGt5mUV/uh
Malware Config
Targets
-
-
Target
469c894ae9f8265bb67c747d7031583c.exe
-
Size
96KB
-
MD5
469c894ae9f8265bb67c747d7031583c
-
SHA1
581bf8a22c186492168a74f18bbf3dd0256f99de
-
SHA256
81831e95c268aa5f19f71bb63814b7f5f2ab8d574d73445493fa672480cda73a
-
SHA512
6adaeab42ef5d14e44060c00ef15f6f8f5734faa89c9677143e06c44ed5419710a049f986821d87b64c00a4f423760e119b3c2336ddffb4b55b9250cc95a32c3
-
SSDEEP
1536:pw2CSU+mhjmxXf7bJP/EARUEWGt6rgVpuUVRlcmQPkUB:yjVhcXf75/FRUHGt5mUV/uh
Score10/10-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2