5ec198ff9c73d9a678840540d2f58f67976f80c8801efd4a762c32476508b81e | Triage

Sharing

General

Target

42e15a6ef1dc6d2cc85a6b42b6cb8260
Size

133KB
Sample

240105-f7mjrsaggl
MD5

42e15a6ef1dc6d2cc85a6b42b6cb8260
SHA1

cd228accdd47da7b6318811de1043705562d2924
SHA256

5ec198ff9c73d9a678840540d2f58f67976f80c8801efd4a762c32476508b81e
SHA512

3aee5dc0536104c6e02e91038017cc5a66acc706dcdf0f8bf5e8a63a913d429d6a6d4f6b831032dbea63a90d19f8d08da9e5a402512e480a9a9fffee00a39027
SSDEEP

3072:KBFbrajR/V9xuVQTVuR/8PWrJkdiqyj5KzctLO:EFHgHxuVQSkPW6diqy1a

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  42e15a6ef1dc6d2cc85a6b42b6cb8260
- Size
  
  133KB
- MD5
  
  42e15a6ef1dc6d2cc85a6b42b6cb8260
- SHA1
  
  cd228accdd47da7b6318811de1043705562d2924
- SHA256
  
  5ec198ff9c73d9a678840540d2f58f67976f80c8801efd4a762c32476508b81e
- SHA512
  
  3aee5dc0536104c6e02e91038017cc5a66acc706dcdf0f8bf5e8a63a913d429d6a6d4f6b831032dbea63a90d19f8d08da9e5a402512e480a9a9fffee00a39027
- SSDEEP
  
  3072:KBFbrajR/V9xuVQTVuR/8PWrJkdiqyj5KzctLO:EFHgHxuVQSkPW6diqy1a
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence