082f822a1420c9a7a253e5694437c27cf7ac7d6e92475e4182077d0be226c80e | Triage

Sharing

General

Target

db3275e7fa96a10977e2e602cfe083be
Size

225KB
Sample

240321-kmr1zaff68
MD5

db3275e7fa96a10977e2e602cfe083be
SHA1

ebd2d9cee5a22778069f4520f74aa594b960c28f
SHA256

082f822a1420c9a7a253e5694437c27cf7ac7d6e92475e4182077d0be226c80e
SHA512

8d4b8e7b26f0fc637d4ad889dc43a186bf07c41246694680d5e933b8a9a645ab3238d44c17fa9f23c752adc46e3dcc5ef88b4a2a60f9811e7a404d442b54fca3
SSDEEP

3072:OJIcH/KbVY1/lHnb0YuzOn38sA7evl6DkRYIIJZjiBxuuvLaY5QG6MKvaQb:OCcHyiNlH1n38sJ5YvbjiBxujM6MKCQb

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  db3275e7fa96a10977e2e602cfe083be
- Size
  
  225KB
- MD5
  
  db3275e7fa96a10977e2e602cfe083be
- SHA1
  
  ebd2d9cee5a22778069f4520f74aa594b960c28f
- SHA256
  
  082f822a1420c9a7a253e5694437c27cf7ac7d6e92475e4182077d0be226c80e
- SHA512
  
  8d4b8e7b26f0fc637d4ad889dc43a186bf07c41246694680d5e933b8a9a645ab3238d44c17fa9f23c752adc46e3dcc5ef88b4a2a60f9811e7a404d442b54fca3
- SSDEEP
  
  3072:OJIcH/KbVY1/lHnb0YuzOn38sA7evl6DkRYIIJZjiBxuuvLaY5QG6MKvaQb:OCcHyiNlH1n38sJ5YvbjiBxujM6MKCQb
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2