9564b350be87a09622f60c613def3ca3f825b6af3fe2d4af3f406614c77534c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a11c60ccfe909a4aa32f7c15118ed806
Size

98KB
Sample

240224-gmrtesbc55
MD5

a11c60ccfe909a4aa32f7c15118ed806
SHA1

1c92db19c029965ae04e5c1bb5385b63f8887a67
SHA256

9564b350be87a09622f60c613def3ca3f825b6af3fe2d4af3f406614c77534c3
SHA512

70317c7653027c1da344ec6b61db110e9c6dac4f4edd81799d07c3b031871c2dacf709352e6c6bf8d6baa3248bfc52c8a38f55672fe7a837382dd97443accd6b
SSDEEP

1536:U7P59H12p0sV3P6pKGhJJ38z94vfH8i5/2uU64NBC4XLzvvKXR2JTU45KWUiGMe:kpjIz94nn5+RFfXQqU4cWUi5e

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  a11c60ccfe909a4aa32f7c15118ed806
- Size
  
  98KB
- MD5
  
  a11c60ccfe909a4aa32f7c15118ed806
- SHA1
  
  1c92db19c029965ae04e5c1bb5385b63f8887a67
- SHA256
  
  9564b350be87a09622f60c613def3ca3f825b6af3fe2d4af3f406614c77534c3
- SHA512
  
  70317c7653027c1da344ec6b61db110e9c6dac4f4edd81799d07c3b031871c2dacf709352e6c6bf8d6baa3248bfc52c8a38f55672fe7a837382dd97443accd6b
- SSDEEP
  
  1536:U7P59H12p0sV3P6pKGhJJ38z94vfH8i5/2uU64NBC4XLzvvKXR2JTU45KWUiGMe:kpjIz94nn5+RFfXQqU4cWUi5e
Score

8^/10

evasion
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2