05ebc91b15a028b802e6d39ffdb850ca4ae5692f15e60f1e31a5a8aee666e8bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Doxing.exe
Size

5.3MB
Sample

240217-slggvagf28
MD5

6fe4ed5bdec8d9f3a53e28c542c949f0
SHA1

3109ef8e7bc5c8942f32911c26e2921db0368d39
SHA256

05ebc91b15a028b802e6d39ffdb850ca4ae5692f15e60f1e31a5a8aee666e8bc
SHA512

afa1443a927af2654e315706bfe5c2b0a3ab40f549e2a2bf9c1ab7b454ec6322b1de8d74115bc82a395e3fd0626fac794ffba2ecf77b12d218dc4914a171ae11
SSDEEP

98304:kRdakq5DPgHzhNyXQqg2LjjVSeyG7/Mr2k4bSE37rssVlosp:mu5DsHuMIjVRyG7/MySE3748zp

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  Doxing.exe
- Size
  
  5.3MB
- MD5
  
  6fe4ed5bdec8d9f3a53e28c542c949f0
- SHA1
  
  3109ef8e7bc5c8942f32911c26e2921db0368d39
- SHA256
  
  05ebc91b15a028b802e6d39ffdb850ca4ae5692f15e60f1e31a5a8aee666e8bc
- SHA512
  
  afa1443a927af2654e315706bfe5c2b0a3ab40f549e2a2bf9c1ab7b454ec6322b1de8d74115bc82a395e3fd0626fac794ffba2ecf77b12d218dc4914a171ae11
- SSDEEP
  
  98304:kRdakq5DPgHzhNyXQqg2LjjVSeyG7/Mr2k4bSE37rssVlosp:mu5DsHuMIjVRyG7/MySE3748zp
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence