ff23a9eca12dc9f585a201f12907bc04df670dc759277cfe402a3924a0e49adb | Triage

Sharing

General

Target

VirusShare_9c7e84113b329bea497d963db2ab8bf5
Size

169KB
Sample

240204-qa2yascdem
MD5

9c7e84113b329bea497d963db2ab8bf5
SHA1

27bc2abc7816401130289e916a9c4224fbf1dc87
SHA256

ff23a9eca12dc9f585a201f12907bc04df670dc759277cfe402a3924a0e49adb
SHA512

0c098b40a9c268ac8f5b89ecbbaee59155c5b2ea7888eab22239f5fed111e406b900b9db02620a291f468624c0b3e6f1a17d11969d6310a7fa925feca08a94b0
SSDEEP

3072:8LbjKmmfcRygt+sX4LdVZtJ6rrRczBpb6K3yGHw6rI2Z+yAV1NiP1ry:8LPK/fcRVnIHZtSrRc9cMk6kfiry

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  VirusShare_9c7e84113b329bea497d963db2ab8bf5
- Size
  
  169KB
- MD5
  
  9c7e84113b329bea497d963db2ab8bf5
- SHA1
  
  27bc2abc7816401130289e916a9c4224fbf1dc87
- SHA256
  
  ff23a9eca12dc9f585a201f12907bc04df670dc759277cfe402a3924a0e49adb
- SHA512
  
  0c098b40a9c268ac8f5b89ecbbaee59155c5b2ea7888eab22239f5fed111e406b900b9db02620a291f468624c0b3e6f1a17d11969d6310a7fa925feca08a94b0
- SSDEEP
  
  3072:8LbjKmmfcRygt+sX4LdVZtJ6rrRczBpb6K3yGHw6rI2Z+yAV1NiP1ry:8LPK/fcRVnIHZtSrRc9cMk6kfiry
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2