c61409a910ee60ac110a326e4fee3a8609f50d4e072e760ea66c15a1584de855 | Triage

Sharing

General

Target

a72f659fd970d503ac88a81066e58c25
Size

281KB
Sample

240226-yem9pseh2t
MD5

a72f659fd970d503ac88a81066e58c25
SHA1

42b015e9fc6f444afe513245a348568366b02c46
SHA256

c61409a910ee60ac110a326e4fee3a8609f50d4e072e760ea66c15a1584de855
SHA512

a2500f1d439753e9e53d2bca24ab608915eb75126e31247ae4858e7b62878335cacef8ea4c8c21c38213fdffb5c7b61987391393e90e9e96c0cb55a613fc2d75
SSDEEP

6144:Ib9kSqoncIHgp44tKAkG0nyaSDVR2r7flZNgpmPuIft6nv79/Ji:AhqoLb4tKAcRSDVRKjlZNgAue

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  a72f659fd970d503ac88a81066e58c25
- Size
  
  281KB
- MD5
  
  a72f659fd970d503ac88a81066e58c25
- SHA1
  
  42b015e9fc6f444afe513245a348568366b02c46
- SHA256
  
  c61409a910ee60ac110a326e4fee3a8609f50d4e072e760ea66c15a1584de855
- SHA512
  
  a2500f1d439753e9e53d2bca24ab608915eb75126e31247ae4858e7b62878335cacef8ea4c8c21c38213fdffb5c7b61987391393e90e9e96c0cb55a613fc2d75
- SSDEEP
  
  6144:Ib9kSqoncIHgp44tKAkG0nyaSDVR2r7flZNgpmPuIft6nv79/Ji:AhqoLb4tKAcRSDVRKjlZNgAue
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2