ce46a64be590d7dc16d52119ed9162d352cd76600e3e83315bbd976394dc841a | Triage

Sharing

General

Target

c3ada77e2dd71fac487d2026ba06f6a5
Size

837KB
Sample

240312-sk9r1abg6y
MD5

c3ada77e2dd71fac487d2026ba06f6a5
SHA1

c480697d0ccdaf65af9013108d3cbca2a787e2e4
SHA256

ce46a64be590d7dc16d52119ed9162d352cd76600e3e83315bbd976394dc841a
SHA512

873f50ba6dbc0bb043f648a33cc1d72328c2ece12aa9a9bf4e80b58fd7342357871100e4d0bc6ee2b5867fb5748fcec55f329793ea89c3e7e6f0b651b35c2ff2
SSDEEP

24576:KGVbH6wSQcNQX8PAmPFiM/RG8n6ZdX6V:1VbH6wSQh8PAmPFZ/Rl6z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c3ada77e2dd71fac487d2026ba06f6a5
- Size
  
  837KB
- MD5
  
  c3ada77e2dd71fac487d2026ba06f6a5
- SHA1
  
  c480697d0ccdaf65af9013108d3cbca2a787e2e4
- SHA256
  
  ce46a64be590d7dc16d52119ed9162d352cd76600e3e83315bbd976394dc841a
- SHA512
  
  873f50ba6dbc0bb043f648a33cc1d72328c2ece12aa9a9bf4e80b58fd7342357871100e4d0bc6ee2b5867fb5748fcec55f329793ea89c3e7e6f0b651b35c2ff2
- SSDEEP
  
  24576:KGVbH6wSQcNQX8PAmPFiM/RG8n6ZdX6V:1VbH6wSQh8PAmPFZ/Rl6z
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence