fe37d1ffcde030141e084a28aba766d0555d47665127c41a8af2038db2168591 | Triage

Sharing

General

Target

Destroyer.exe
Size

71KB
Sample

240528-pw5qmseh72
MD5

cfa188442e3852b7569daf83d8f6d94c
SHA1

2d46033d23cb61f63a9a9769fcb1837c2a97849c
SHA256

fe37d1ffcde030141e084a28aba766d0555d47665127c41a8af2038db2168591
SHA512

e813e55ca5ff28126dfd32789c839799b72db3fc49ff8be4d63bb3e37392608b3040f49c0f9255a39d12e7ae69f88623b7cf6b80e744521f131342e17be66317
SSDEEP

1536:KVIn7vLAsry2eslLS8Ti1nQyd9O3jKVfOOHoHoLOO:KU/9+vstGGGFOCp

Score

8^/10

evasion execution

Malware Config

Targets

- Target
  
  Destroyer.exe
- Size
  
  71KB
- MD5
  
  cfa188442e3852b7569daf83d8f6d94c
- SHA1
  
  2d46033d23cb61f63a9a9769fcb1837c2a97849c
- SHA256
  
  fe37d1ffcde030141e084a28aba766d0555d47665127c41a8af2038db2168591
- SHA512
  
  e813e55ca5ff28126dfd32789c839799b72db3fc49ff8be4d63bb3e37392608b3040f49c0f9255a39d12e7ae69f88623b7cf6b80e744521f131342e17be66317
- SSDEEP
  
  1536:KVIn7vLAsry2eslLS8Ti1nQyd9O3jKVfOOHoHoLOO:KU/9+vstGGGFOCp
Score

8^/10

evasion execution
- Modifies Windows Firewall
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecution