a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad | Triage

Sharing

General

Target

a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad
Size

182KB
Sample

240530-bm4kbsaa73
MD5

01f2128134a3f10b34844758ecaf6221
SHA1

dd1c0bc149abd29d6ba62a61e6e2014d631497e9
SHA256

a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad
SHA512

6d957ec8feeb298cfa23f7d932286bc2e1abe9ec057fee288cd8c522d9099199111bff9e55738a3a2aea49b8a9ab98a426247c05ef1038bed3d6b456e8d912a6
SSDEEP

3072:W++Y/lmp5JrIaLHv67rhIQDR3Y9lNVZTzW1Pl2eo2uGFXHaD6SCxkbT3z2J:iY/lmp5Z567raQqlNT3EtDuGHaDZTz2J

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad
- Size
  
  182KB
- MD5
  
  01f2128134a3f10b34844758ecaf6221
- SHA1
  
  dd1c0bc149abd29d6ba62a61e6e2014d631497e9
- SHA256
  
  a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad
- SHA512
  
  6d957ec8feeb298cfa23f7d932286bc2e1abe9ec057fee288cd8c522d9099199111bff9e55738a3a2aea49b8a9ab98a426247c05ef1038bed3d6b456e8d912a6
- SSDEEP
  
  3072:W++Y/lmp5JrIaLHv67rhIQDR3Y9lNVZTzW1Pl2eo2uGFXHaD6SCxkbT3z2J:iY/lmp5Z567raQqlNT3EtDuGHaDZTz2J
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence