fc39e6cb0ae28dcd647eedbb041a5c9aa295b2db883232960ef0a48d86e93856 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.W64.Bulz.AY.gen.Eldorado.23576.26484.exe
Size

5.0MB
Sample

240201-e1yssabbe2
MD5

b8b966db021d7b8aaee6965b3dba4a28
SHA1

189ed55b5e1bef3f1f2fde5c092f70dc6779a3f6
SHA256

fc39e6cb0ae28dcd647eedbb041a5c9aa295b2db883232960ef0a48d86e93856
SHA512

02a14577c9623c5bd16870e9de0fde270f456f93666f23ad309bead398f7d3493b321a4281283bb632b38a5581c2a07c5697095ddef1ce14d80c5ef1abc4c6a3
SSDEEP

49152:jA/ljznTzE1IxDcrb/T8vO90d7HjmAFd4A64nsfJg5iz81LMyGBK1wVVE3+Yezze:4TzE1IxJu48Vi2zVSzEg+eRp

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  SecuriteInfo.com.W64.Bulz.AY.gen.Eldorado.23576.26484.exe
- Size
  
  5.0MB
- MD5
  
  b8b966db021d7b8aaee6965b3dba4a28
- SHA1
  
  189ed55b5e1bef3f1f2fde5c092f70dc6779a3f6
- SHA256
  
  fc39e6cb0ae28dcd647eedbb041a5c9aa295b2db883232960ef0a48d86e93856
- SHA512
  
  02a14577c9623c5bd16870e9de0fde270f456f93666f23ad309bead398f7d3493b321a4281283bb632b38a5581c2a07c5697095ddef1ce14d80c5ef1abc4c6a3
- SSDEEP
  
  49152:jA/ljznTzE1IxDcrb/T8vO90d7HjmAFd4A64nsfJg5iz81LMyGBK1wVVE3+Yezze:4TzE1IxJu48Vi2zVSzEg+eRp
Score

8^/10

discovery evasion persistence
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence