b2437eaf0949e288d59e6aaade8eb12fb9c895bad18642481bc06cbfa173ba61 | Triage

Sharing

General

Target

AdobeGenP.zip
Size

625KB
Sample

240311-ptfzhaah5w
MD5

3698ee5ec0fc39742175218e7f0951b3
SHA1

4bf4c58b48f3fd65ccc901659168a0ca7c8b2670
SHA256

b2437eaf0949e288d59e6aaade8eb12fb9c895bad18642481bc06cbfa173ba61
SHA512

2391f449b6790b0b98a2f2cba01a0535c34142068da9a372a8dcf0827966792e6156e8f41ea7323f393e286e3872ebb2815eff1e44d353d6efe5726326dd9ad9
SSDEEP

12288:tBckqdbhVaS6twN5Hp+Qekyt6VtJt0pL0m60En6XC5pohH8xgC6Us:7ckqXVaBt+5J+QejMtWl6FnIC5poajs

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  AdobeGenP.exe
- Size
  
  1.2MB
- MD5
  
  ba995555b004b1e952da47fe8367fdd8
- SHA1
  
  12b96cabfafdc8e54e555b49b5aa2fcd8fdba306
- SHA256
  
  41f955741e33a6a0d0066e57a2692801454d45e3748dafe922b1ab01e464188b
- SHA512
  
  115e2848cb142d3698ec4d5fc89bfc3916a0ce66236d333a229db108ade2a699c1db5009df9781dee54b1c611af53ccc2b8e67de748e7ea678da7a9a99ebf58e
- SSDEEP
  
  24576:GrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tva/HeqtGfTPh:G2EYTb8atv1orq+pEiSDTj1VyvBa/HeR
Score

8^/10

evasion
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1