merlin | 1a490bdca46dce6160857063eb29df68d0605cba0ef9e5be4186910a228554ee | Triage

Sharing

General

Target

2024-08-22_c7bd4b9e418c201f25af07c424418f92_snatch
Size

16.9MB
Sample

240823-afdvnaxdpj
MD5

c7bd4b9e418c201f25af07c424418f92
SHA1

6e0e2ce756d53511447b56f57a8d5f9c58f66dea
SHA256

1a490bdca46dce6160857063eb29df68d0605cba0ef9e5be4186910a228554ee
SHA512

27b3283ff3720ae8d94436048b659aae2ded4cd122a00f1caf6e737fadd4f3688e14177bc480f8b1a7eb342a8e9156295348140b74d235e49236b77b851fff11
SSDEEP

49152:CPSw9ndEUyBOCP8EehUfpoCghtqYDnI+5aK6XHRZ5uVx:zleOStftIZ

Score

10^/10

merlin backdoor persistence

Malware Config

Targets

- Target
  
  2024-08-22_c7bd4b9e418c201f25af07c424418f92_snatch
- Size
  
  16.9MB
- MD5
  
  c7bd4b9e418c201f25af07c424418f92
- SHA1
  
  6e0e2ce756d53511447b56f57a8d5f9c58f66dea
- SHA256
  
  1a490bdca46dce6160857063eb29df68d0605cba0ef9e5be4186910a228554ee
- SHA512
  
  27b3283ff3720ae8d94436048b659aae2ded4cd122a00f1caf6e737fadd4f3688e14177bc480f8b1a7eb342a8e9156295348140b74d235e49236b77b851fff11
- SSDEEP
  
  49152:CPSw9ndEUyBOCP8EehUfpoCghtqYDnI+5aK6XHRZ5uVx:zleOStftIZ
Score

10^/10

merlin backdoor persistence
- Merlin
  Merlin is a cross-platform post-exploitation C2 framework written in golang.
  backdoor merlin
- Merlin payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

merlinbackdoorpersistence

behavioral2

merlinbackdoorpersistence