4b3efbf87fb31216a93954617e149825b9f029b4a37ea0fff9851eb363693424 | Triage

Resubmissions

22/07/2024, 10:50

240722-mxrjasvajk 10

19/05/2022, 17:19

220519-vv97maaad7 10

19/05/2022, 17:15

220519-vskh7acghq 10

Sharing

General

Target

YourCyanide.cmd
Size

153KB
Sample

240722-mxrjasvajk
MD5

69eb09a987e1bfe31418cd020811b81d
SHA1

d7dd4d7f065f078cf55a7c0c1f4bcd9ec52096d6
SHA256

4b3efbf87fb31216a93954617e149825b9f029b4a37ea0fff9851eb363693424
SHA512

8ff7aafd71231704edd19f5aef32ebf181918d3e02afb909e82271c11ec2d16da3bebc8eeb0246821bcda07f8c499a7c0e4fb438f723b448945d27d3b714815b
SSDEEP

1536:+5LMvsXOw5wt+ib80tU0ynD5UPXpymORZvAEK5UurPHDo6tyWdeP1kSav+GU6dNQ:Sef3s83Xfm

Score

10^/10

evasion execution persistence privilege_escalation

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/974798125011198003/976894591552860220/NoKeyB.exe

Targets

- Target
  
  YourCyanide.cmd
- Size
  
  153KB
- MD5
  
  69eb09a987e1bfe31418cd020811b81d
- SHA1
  
  d7dd4d7f065f078cf55a7c0c1f4bcd9ec52096d6
- SHA256
  
  4b3efbf87fb31216a93954617e149825b9f029b4a37ea0fff9851eb363693424
- SHA512
  
  8ff7aafd71231704edd19f5aef32ebf181918d3e02afb909e82271c11ec2d16da3bebc8eeb0246821bcda07f8c499a7c0e4fb438f723b448945d27d3b714815b
- SSDEEP
  
  1536:+5LMvsXOw5wt+ib80tU0ynD5UPXpymORZvAEK5UurPHDo6tyWdeP1kSav+GU6dNQ:Sef3s83Xfm
Score

10^/10

execution evasion persistence privilege_escalation
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionexecutionpersistenceprivilege_escalation