1b001f78a6d1aab0d90d24862dfe726353391eacc6be8c30f0a50aa19fcd4d16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

greeenshit..exe
Size

1.1MB
Sample

240204-xgppwagdh8
MD5

25a8b9d720d94efe7bbec4f97ef759e9
SHA1

71209257b568b05d300bf0e0cae44357506e6ab3
SHA256

1b001f78a6d1aab0d90d24862dfe726353391eacc6be8c30f0a50aa19fcd4d16
SHA512

75b2d5bc794a16c3b8ad95655bbf311533b83a39343a3b4dff2f7a856313f1920a1f533087dc555a4dd5aa0d1b3be32071f75fe19a69c326da5ea9e8f0e4aa29
SSDEEP

24576:6/I70sTH74Lon0hsxHxKOBadu+c7Hb9H1v1Namm:GIzTb4Lon0uxH4YaQ5rRH1vRm

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  greeenshit..exe
- Size
  
  1.1MB
- MD5
  
  25a8b9d720d94efe7bbec4f97ef759e9
- SHA1
  
  71209257b568b05d300bf0e0cae44357506e6ab3
- SHA256
  
  1b001f78a6d1aab0d90d24862dfe726353391eacc6be8c30f0a50aa19fcd4d16
- SHA512
  
  75b2d5bc794a16c3b8ad95655bbf311533b83a39343a3b4dff2f7a856313f1920a1f533087dc555a4dd5aa0d1b3be32071f75fe19a69c326da5ea9e8f0e4aa29
- SSDEEP
  
  24576:6/I70sTH74Lon0hsxHxKOBadu+c7Hb9H1v1Namm:GIzTb4Lon0uxH4YaQ5rRH1vRm
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence