General

  • Target

    d132f0ddbfb5c89aecdfb4db1abf9551

  • Size

    73KB

  • Sample

    240317-sl48xahe9t

  • MD5

    d132f0ddbfb5c89aecdfb4db1abf9551

  • SHA1

    d602756bb7f53d18a8c4a083039e306cccb8327c

  • SHA256

    1e924f2169c1f24cdaccb5f8a5e63cd07bf189514b8a9846e9cf8cc9bec9c50b

  • SHA512

    2dad38dd1e4cbaf6d8eb6e9c778fc3221b13adae1bd27aec60ec74c82c9a4062c370e3bfe1e2bc7d8cba61232529bb115c300658685a62d0865a9a454f2709b5

  • SSDEEP

    1536:Ag5YYNU8+3HHop4P9qBH2kaXR6QF7eWUu4ZaZP6nJ4a34rsVu:AiU86odQHh64y4P6J4rMu

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies firewall policy service

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scripting: 1 (T1064)

  • Persistence

    Create or Modify System Process: 2 (T1543)
      Windows Service: 2 (T1543.003)
    Boot or Logon Autostart Execution: 1 (T1547)
      Registry Run Keys / Startup Folder: 1 (T1547.001)

  • Privilege Escalation

    Create or Modify System Process: 2 (T1543)
      Windows Service: 2 (T1543.003)
    Boot or Logon Autostart Execution: 1 (T1547)
      Registry Run Keys / Startup Folder: 1 (T1547.001)

  • Defense Evasion

    Modify Registry: 2 (T1112)
    Impair Defenses: 1 (T1562)
      Disable or Modify System Firewall: 1 (T1562.004)
    Scripting: 1 (T1064)

Tasks