597acac76ad725054269f8661e8d41c0066a73ed86076a8e76891a9f702edfca | Triage

Sharing

General

Target

86256b0347d1f99d7dedb71d7a7b05cd
Size

141KB
Sample

240201-gzcj9sfabp
MD5

86256b0347d1f99d7dedb71d7a7b05cd
SHA1

4fffc3f48bf33bbad7f4b74716b9398202fb3313
SHA256

597acac76ad725054269f8661e8d41c0066a73ed86076a8e76891a9f702edfca
SHA512

686bbbec01af6eb6f69e190856fd50711da4194a9811a125f672a28b56b8dd20e6a4af3b5af7291909b64c0bdc0961fe09abc6cc4ca3169ec284a472ca4c4f72
SSDEEP

1536:lEMVgMhxse5RNrQtLCADmHyDDTjmlA7BITcyLxrsmwZK9gyJGtjRLQHpJP15jBYq:cIPemHyDDTKetITpZy2GQHZYT4as

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  86256b0347d1f99d7dedb71d7a7b05cd
- Size
  
  141KB
- MD5
  
  86256b0347d1f99d7dedb71d7a7b05cd
- SHA1
  
  4fffc3f48bf33bbad7f4b74716b9398202fb3313
- SHA256
  
  597acac76ad725054269f8661e8d41c0066a73ed86076a8e76891a9f702edfca
- SHA512
  
  686bbbec01af6eb6f69e190856fd50711da4194a9811a125f672a28b56b8dd20e6a4af3b5af7291909b64c0bdc0961fe09abc6cc4ca3169ec284a472ca4c4f72
- SSDEEP
  
  1536:lEMVgMhxse5RNrQtLCADmHyDDTjmlA7BITcyLxrsmwZK9gyJGtjRLQHpJP15jBYq:cIPemHyDDTKetITpZy2GQHZYT4as
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2