dea1f30124c19c6c87ca122715901452af1d3f7b0e734fadb41f295d1f821a4c | Triage

Sharing

General

Target

VirusShare-00459faff7688f8ab94e358af18c79c0
Size

68KB
Sample

240202-17v65ahcg2
MD5

00459faff7688f8ab94e358af18c79c0
SHA1

dce42228471c0e6911dcfe759a2ca0251e34a5d8
SHA256

dea1f30124c19c6c87ca122715901452af1d3f7b0e734fadb41f295d1f821a4c
SHA512

90d5c8ffd41f21b3db3d8ff5a7b47099c71dd3127c4578cf257c965912fbc75da26c42cc1c15d52adc4e4afdc75f5320e05b419226dd3d33681d6457b237817e
SSDEEP

768:56AXKLtxaPffnSzdXCNfYdNGGMFE2qK7JH8gguXc:YAXUtxx4NgdIw2rgus

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  VirusShare-00459faff7688f8ab94e358af18c79c0
- Size
  
  68KB
- MD5
  
  00459faff7688f8ab94e358af18c79c0
- SHA1
  
  dce42228471c0e6911dcfe759a2ca0251e34a5d8
- SHA256
  
  dea1f30124c19c6c87ca122715901452af1d3f7b0e734fadb41f295d1f821a4c
- SHA512
  
  90d5c8ffd41f21b3db3d8ff5a7b47099c71dd3127c4578cf257c965912fbc75da26c42cc1c15d52adc4e4afdc75f5320e05b419226dd3d33681d6457b237817e
- SSDEEP
  
  768:56AXKLtxaPffnSzdXCNfYdNGGMFE2qK7JH8gguXc:YAXUtxx4NgdIw2rgus
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence