eb92231eaa4aef66fc36d34e9dc1e79343764f051e2d8231932a52cf67ea5aba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spoofer_new.exe
Size

743KB
Sample

240724-j1szraygmb
MD5

d690c45324c05ba5dda285d53785f9d7
SHA1

e8f4572e2b5bb57727ed701df7d4ac17d3577f3c
SHA256

eb92231eaa4aef66fc36d34e9dc1e79343764f051e2d8231932a52cf67ea5aba
SHA512

6f66c672916ffed2ed98d44757bfeb4d31f58fe6e1b1142afc3426b482a1d3290c2f68ebb558cc9085e8283702a39b2844f2805b1e091865965119ee7272adf2
SSDEEP

6144:UsLqdufVUNDa0/KWCA3vyU4yMyCvSLPZvrIFQdGaWlMFYCAhhl:PFUNDa0/KWH3BXLxvFdGnqFYCw

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  spoofer_new.exe
- Size
  
  743KB
- MD5
  
  d690c45324c05ba5dda285d53785f9d7
- SHA1
  
  e8f4572e2b5bb57727ed701df7d4ac17d3577f3c
- SHA256
  
  eb92231eaa4aef66fc36d34e9dc1e79343764f051e2d8231932a52cf67ea5aba
- SHA512
  
  6f66c672916ffed2ed98d44757bfeb4d31f58fe6e1b1142afc3426b482a1d3290c2f68ebb558cc9085e8283702a39b2844f2805b1e091865965119ee7272adf2
- SSDEEP
  
  6144:UsLqdufVUNDa0/KWCA3vyU4yMyCvSLPZvrIFQdGaWlMFYCAhhl:PFUNDa0/KWH3BXLxvFdGnqFYCw
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence