6c5c73f1bd61c9281d05d5eab840eb689fe63ec15977cc60012ce5c7184042b6 | Triage

Sharing

General

Target

6c5c73f1bd61c9281d05d5eab840eb689fe63ec15977cc60012ce5c7184042b6
Size

2.8MB
Sample

240305-1fby6sba35
MD5

ffa9de7e1099b646dd55d1245bbbe4e4
SHA1

c189bf90d44bdc77e44ba0bb8c12f98ef4d79993
SHA256

6c5c73f1bd61c9281d05d5eab840eb689fe63ec15977cc60012ce5c7184042b6
SHA512

49d52955833b59810b0227b27a02ead5c8f0b4be3432f59898e3868e5fc3b2c1b33cce277f68ed22c107b04eee2a79c1663d0e5adfce2468f5fc3d8b250163ee
SSDEEP

49152:cPb5azQk6yxs+g8R3m5Vy5lQKQSdVbGBewI27SgnXF47VyK1/5GpBc3:mb5azx6X+gi3m5ZKQSdVqB9I27S2XF4n

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  6c5c73f1bd61c9281d05d5eab840eb689fe63ec15977cc60012ce5c7184042b6
- Size
  
  2.8MB
- MD5
  
  ffa9de7e1099b646dd55d1245bbbe4e4
- SHA1
  
  c189bf90d44bdc77e44ba0bb8c12f98ef4d79993
- SHA256
  
  6c5c73f1bd61c9281d05d5eab840eb689fe63ec15977cc60012ce5c7184042b6
- SHA512
  
  49d52955833b59810b0227b27a02ead5c8f0b4be3432f59898e3868e5fc3b2c1b33cce277f68ed22c107b04eee2a79c1663d0e5adfce2468f5fc3d8b250163ee
- SSDEEP
  
  49152:cPb5azQk6yxs+g8R3m5Vy5lQKQSdVbGBewI27SgnXF47VyK1/5GpBc3:mb5azx6X+gi3m5ZKQSdVqB9I27S2XF4n
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence