General
Target: dda29696697627935b491cb9213606eb
Size: 11.8MB
Sample: 240325-k1trqabg68
MD5: dda29696697627935b491cb9213606eb
SHA1: 5f26c5db377e4a7e79e1762a738997065b550bcf
SHA256: b35bd25bae4e658aac7ac882e307227966f3075fcfb36f50dcc10be8b0d65dca
SHA512: 99ea1d97c3d474ea39cdc1d44199c5b96a1902fc5120b6b8fc6085987ab5c688f8c40b94dc0620608a8550b5379cb2536e0cb6bad29d3b534911e831ef3e32e8
SSDEEP: 24576:AjCj10HSqGgeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeu:A/D
Static task: static1
Behavioral task: behavioral1
  Sample: dda29696697627935b491cb9213606eb.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: dda29696697627935b491cb9213606eb.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets
Target: dda29696697627935b491cb9213606eb
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)