ffdc64da53d04026e07aeb835d77a4c4c712065085acb1b13770a1e0d33e819a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

290f8d5f7493a86e6aabcffce41064c8.bin
Size

3.6MB
Sample

240516-bhnnbadc8y
MD5

76dad58b7c09d00d959590eb6ee3e6f6
SHA1

319d2829c5b7e6ed9750c735bb4e2e8bcbd02fce
SHA256

ffdc64da53d04026e07aeb835d77a4c4c712065085acb1b13770a1e0d33e819a
SHA512

5282a993e526aa0e83f3dcb8ea8e5cbfcd789836fd0283462a750ef803176b3e7eac6c13047c7b6db7f191479505597db1cb1ba1c27d2fb61e574f7dfeb33fe0
SSDEEP

98304:l8YLnlnXA7kuI0UE8CjwjMPdPZPJCHh7YPY:KYhnXkkuI0RjwjQ9ZPitl

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  d9f651fec6a6af303b160ac89741ca217379cbf00c1233d75762271396cfb6f0.exe
- Size
  
  5.9MB
- MD5
  
  290f8d5f7493a86e6aabcffce41064c8
- SHA1
  
  9cc5a44bbff3690f886407f17628c18cf4d853fc
- SHA256
  
  d9f651fec6a6af303b160ac89741ca217379cbf00c1233d75762271396cfb6f0
- SHA512
  
  28f3d569ba04c1c2738dea83626376231bb31d71ace3eda4df0e6948aa1c38caad6b7f31b7cba3f1f68788a2daf85592be025a13bddc57badca409916beb219d
- SSDEEP
  
  98304:FP64cl+XtGjusz0oTSFqUgCPn+sxKpIYwZP2STo3P6LhuB9My0d676INxP:FP64cl+XtGj/TgqU1xo3P6sd0dA6wxP
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2