568e942e0a1091158fd3ad3f2b8fb497bc6c8996ea0e5ff1fd0dd04fadfba31d | Triage

Sharing

General

Target

ac1661cb3ae9edd40955afacb8c6f80d
Size

51KB
Sample

240228-rl5c8sde87
MD5

ac1661cb3ae9edd40955afacb8c6f80d
SHA1

b1e19ca4d0ebe509b121ac2d75a92f29aec08d9f
SHA256

568e942e0a1091158fd3ad3f2b8fb497bc6c8996ea0e5ff1fd0dd04fadfba31d
SHA512

cd91723e79f495c328f3bfdebf1b3c9fb9b898445f5bf6e0be0128f5e11d61fb8b3662da847760cbdabaa5f9115c005c7722fabc0787c3f604cb188b0554bf2a
SSDEEP

768:WFh4uM71ea1nSlCZL2z/Ig5eOH0KHTqbb7Ky2HFf41aSFB9jEjgz4xQ:WIpvozwVq0KzRy2H13g/Ejgv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ac1661cb3ae9edd40955afacb8c6f80d
- Size
  
  51KB
- MD5
  
  ac1661cb3ae9edd40955afacb8c6f80d
- SHA1
  
  b1e19ca4d0ebe509b121ac2d75a92f29aec08d9f
- SHA256
  
  568e942e0a1091158fd3ad3f2b8fb497bc6c8996ea0e5ff1fd0dd04fadfba31d
- SHA512
  
  cd91723e79f495c328f3bfdebf1b3c9fb9b898445f5bf6e0be0128f5e11d61fb8b3662da847760cbdabaa5f9115c005c7722fabc0787c3f604cb188b0554bf2a
- SSDEEP
  
  768:WFh4uM71ea1nSlCZL2z/Ig5eOH0KHTqbb7Ky2HFf41aSFB9jEjgz4xQ:WIpvozwVq0KzRy2H13g/Ejgv
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2