03a67dd32a4ddae526a0596fc7edd97f15b9341a62703d048df6773f35b26b78 | Triage

Sharing

General

Target

fyr1gfss.ke0.exe
Size

30KB
Sample

240802-czf58svhna
MD5

5df44e60ab91a469725dca43248edb11
SHA1

21a640ec840be802319fa7b2089b8641b8d50c84
SHA256

03a67dd32a4ddae526a0596fc7edd97f15b9341a62703d048df6773f35b26b78
SHA512

71b7e21b5e27abbc19d69c4195d56219b2b4312d42cb6a305832e5e7e8152fdb520810ba375fc33ef19ca732db2aecf4d0d13360608b4d8974a7d0754e3ab951
SSDEEP

384:SWWp4AvFEcg9MvfWCtw71ZIV8uMAjDulJzfxEDTlSDBUhqqLWff/F15hg7CZEOwy:t9QEc+cDTlSlUhqqGNhY6UHAL

Score

8^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  fyr1gfss.ke0.exe
- Size
  
  30KB
- MD5
  
  5df44e60ab91a469725dca43248edb11
- SHA1
  
  21a640ec840be802319fa7b2089b8641b8d50c84
- SHA256
  
  03a67dd32a4ddae526a0596fc7edd97f15b9341a62703d048df6773f35b26b78
- SHA512
  
  71b7e21b5e27abbc19d69c4195d56219b2b4312d42cb6a305832e5e7e8152fdb520810ba375fc33ef19ca732db2aecf4d0d13360608b4d8974a7d0754e3ab951
- SSDEEP
  
  384:SWWp4AvFEcg9MvfWCtw71ZIV8uMAjDulJzfxEDTlSDBUhqqLWff/F15hg7CZEOwy:t9QEc+cDTlSlUhqqGNhY6UHAL
Score

8^/10

discovery evasion persistence
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence