5a615ca13e7a204ec99815f1dd7a62b853caa77e2a478537ff74e008dbcadfc9 | Triage

Sharing

General

Target

62815d022ba4008808521f009bca761b
Size

144KB
Sample

240117-nfry6segf8
MD5

62815d022ba4008808521f009bca761b
SHA1

3d7de6a189b6f8b712d9c3f4d4b47e7e8d937fed
SHA256

5a615ca13e7a204ec99815f1dd7a62b853caa77e2a478537ff74e008dbcadfc9
SHA512

dac74721d3e0fec2c54fee0f595a510230eb9b3338ecd066852ae0eb9d03f6a13f41045b3f48cbf15b60519ba8492ada773f82f22d1fe57022c7df8b0991364b
SSDEEP

3072:JZRUma9tXdE8QRjPwbV+AAX6ogKvphwXCMQX4yX:JzWbXrKPrAq6RKRhyCMQ/X

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  62815d022ba4008808521f009bca761b
- Size
  
  144KB
- MD5
  
  62815d022ba4008808521f009bca761b
- SHA1
  
  3d7de6a189b6f8b712d9c3f4d4b47e7e8d937fed
- SHA256
  
  5a615ca13e7a204ec99815f1dd7a62b853caa77e2a478537ff74e008dbcadfc9
- SHA512
  
  dac74721d3e0fec2c54fee0f595a510230eb9b3338ecd066852ae0eb9d03f6a13f41045b3f48cbf15b60519ba8492ada773f82f22d1fe57022c7df8b0991364b
- SSDEEP
  
  3072:JZRUma9tXdE8QRjPwbV+AAX6ogKvphwXCMQX4yX:JzWbXrKPrAq6RKRhyCMQ/X
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2