cff570551da2ebf2f6ad0cd97173a313d727980950c09e5d721e7bfe629b0bdf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44d10bf1d8257e07b9d618bd82a7cfc4
Size

4.3MB
Sample

240106-aq2dpseed4
MD5

44d10bf1d8257e07b9d618bd82a7cfc4
SHA1

87d973cd254e4b216f589ddd2a709b9c788315eb
SHA256

cff570551da2ebf2f6ad0cd97173a313d727980950c09e5d721e7bfe629b0bdf
SHA512

4f79779a71a440896d9daec4fe58a163d73ac5279f2598db9aba7cf9a661f805f1400ae2963601129836a850a169f5ec72c7fbf0d60dd00e8671da641a42204f
SSDEEP

98304:r//LqhWh3ErldarKX9plT3IhcnaItCughs/:r/WhikvaY9plTtaItj/

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  44d10bf1d8257e07b9d618bd82a7cfc4
- Size
  
  4.3MB
- MD5
  
  44d10bf1d8257e07b9d618bd82a7cfc4
- SHA1
  
  87d973cd254e4b216f589ddd2a709b9c788315eb
- SHA256
  
  cff570551da2ebf2f6ad0cd97173a313d727980950c09e5d721e7bfe629b0bdf
- SHA512
  
  4f79779a71a440896d9daec4fe58a163d73ac5279f2598db9aba7cf9a661f805f1400ae2963601129836a850a169f5ec72c7fbf0d60dd00e8671da641a42204f
- SSDEEP
  
  98304:r//LqhWh3ErldarKX9plT3IhcnaItCughs/:r/WhikvaY9plTtaItj/
Score

8^/10

persistence
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2