6fd9798ecac7cdfd94e55a36b9be488f9f52db44cd012ebbf2b718c8ffa5ff44 | Triage

Sharing

General

Target

91d38ff34f7873e73bcc3860dcfebb61
Size

147KB
Sample

240205-m59d3sgcdj
MD5

91d38ff34f7873e73bcc3860dcfebb61
SHA1

89708ae9a87da9547e5b107ed444d457b2c753eb
SHA256

6fd9798ecac7cdfd94e55a36b9be488f9f52db44cd012ebbf2b718c8ffa5ff44
SHA512

ef004be03571d0e17afc3c785adb75fe974a59010e271307e9252cf2436a0118ee9c0fff7b24a5512d31e7f54c69ed562414484e90c78cf196cb5ac78fc8fea4
SSDEEP

3072:Yid3OHRBIRVcJ3Yeq4lExI7clo8gSyn+9C:7BOIYGe5lkovuC

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  91d38ff34f7873e73bcc3860dcfebb61
- Size
  
  147KB
- MD5
  
  91d38ff34f7873e73bcc3860dcfebb61
- SHA1
  
  89708ae9a87da9547e5b107ed444d457b2c753eb
- SHA256
  
  6fd9798ecac7cdfd94e55a36b9be488f9f52db44cd012ebbf2b718c8ffa5ff44
- SHA512
  
  ef004be03571d0e17afc3c785adb75fe974a59010e271307e9252cf2436a0118ee9c0fff7b24a5512d31e7f54c69ed562414484e90c78cf196cb5ac78fc8fea4
- SSDEEP
  
  3072:Yid3OHRBIRVcJ3Yeq4lExI7clo8gSyn+9C:7BOIYGe5lkovuC
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence