994865a22b928934f066255bb9e0b42931ee6844798ac177132931815c4035cf | Triage

Sharing

General

Target

ROL.exe
Size

673KB
Sample

240218-yd1hmsea4v
MD5

1b6d3525aed1d503809a0f19536297ab
SHA1

fb0c317f18ca8ddbccf2914a07378c9ce142cba1
SHA256

994865a22b928934f066255bb9e0b42931ee6844798ac177132931815c4035cf
SHA512

b28264fb8a6c99fe953d27147b9376bc38e720ab3eb597c28755a90cfab674dbe3002acc18b93c866b3286dbac71f63cc4f55af12e47f3c65d83ca31eff55a3c
SSDEEP

12288:2YnHrwWlIi0HVhLNYm3R967pe0eNFFb6ndY:2wL9lIDHn13RYdeNFRSdY

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  ROL.exe
- Size
  
  673KB
- MD5
  
  1b6d3525aed1d503809a0f19536297ab
- SHA1
  
  fb0c317f18ca8ddbccf2914a07378c9ce142cba1
- SHA256
  
  994865a22b928934f066255bb9e0b42931ee6844798ac177132931815c4035cf
- SHA512
  
  b28264fb8a6c99fe953d27147b9376bc38e720ab3eb597c28755a90cfab674dbe3002acc18b93c866b3286dbac71f63cc4f55af12e47f3c65d83ca31eff55a3c
- SSDEEP
  
  12288:2YnHrwWlIi0HVhLNYm3R967pe0eNFFb6ndY:2wL9lIDHn13RYdeNFRSdY
Score

8^/10

evasion
- Blocklisted process makes network request
- Downloads MZ/PE file
- Stops running service(s)
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1