78dbb664e2867fcd227510cf53111638990a15fe792ea04641f10aa9fcff1258 | Triage

Sharing

General

Target

ce2dba593ed3afedfa00a8de8887ec8b
Size

140KB
Sample

240316-qtrlnsea32
MD5

ce2dba593ed3afedfa00a8de8887ec8b
SHA1

6b3013cd9d10b9f20b418854f1363294e23ba7a4
SHA256

78dbb664e2867fcd227510cf53111638990a15fe792ea04641f10aa9fcff1258
SHA512

a24684aecbe0bb05c5f6a0dcca744133cb35277236563d710bbea12860ba0d7a858cb74e31ffae829a9786224f8d8ac4d4d99f2ebb1a0612680c7243f7c69fe9
SSDEEP

3072:ZBWePozVRNzRMMTTpN28eNuvOkkFPl88bu28f:ZBNQ1PTH2FNDJ2Eu2s

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ce2dba593ed3afedfa00a8de8887ec8b
- Size
  
  140KB
- MD5
  
  ce2dba593ed3afedfa00a8de8887ec8b
- SHA1
  
  6b3013cd9d10b9f20b418854f1363294e23ba7a4
- SHA256
  
  78dbb664e2867fcd227510cf53111638990a15fe792ea04641f10aa9fcff1258
- SHA512
  
  a24684aecbe0bb05c5f6a0dcca744133cb35277236563d710bbea12860ba0d7a858cb74e31ffae829a9786224f8d8ac4d4d99f2ebb1a0612680c7243f7c69fe9
- SSDEEP
  
  3072:ZBWePozVRNzRMMTTpN28eNuvOkkFPl88bu28f:ZBNQ1PTH2FNDJ2Eu2s
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2