b4924a8a67c02d6891fad98d895ef5fd7a1ad46fd91421c7a94569d5928d12b3 | Triage

Sharing

General

Target

a1a13c74312941ce3e229ac7a65a8084
Size

228KB
Sample

240224-mekb9shf6t
MD5

a1a13c74312941ce3e229ac7a65a8084
SHA1

37a3c723201fa2879c7960ee6965a4bcc9ca0061
SHA256

b4924a8a67c02d6891fad98d895ef5fd7a1ad46fd91421c7a94569d5928d12b3
SHA512

37a4856fabfc270883ddf5abd7a69f47f17a0fdc698777f66f5387095805ebc51791550ba8051d25dc2f2ac53f42cad1ce18bde46e731063cd1551ee1abfb5c9
SSDEEP

6144:xhH7K0Rti2veu2MDtysq5DhHdsxxUVUo7nOl:/K0Neu2A48xlUnOl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a1a13c74312941ce3e229ac7a65a8084
- Size
  
  228KB
- MD5
  
  a1a13c74312941ce3e229ac7a65a8084
- SHA1
  
  37a3c723201fa2879c7960ee6965a4bcc9ca0061
- SHA256
  
  b4924a8a67c02d6891fad98d895ef5fd7a1ad46fd91421c7a94569d5928d12b3
- SHA512
  
  37a4856fabfc270883ddf5abd7a69f47f17a0fdc698777f66f5387095805ebc51791550ba8051d25dc2f2ac53f42cad1ce18bde46e731063cd1551ee1abfb5c9
- SSDEEP
  
  6144:xhH7K0Rti2veu2MDtysq5DhHdsxxUVUo7nOl:/K0Neu2A48xlUnOl
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence