c56b5f0c9ded71748cc5d138f56344df0b0d63a03cb66eaae46fbfc468f5d0e0 | Triage

Sharing

General

Target

test.exe
Size

452KB
Sample

240901-l42geaybke
MD5

8068ba47c4eea9a7bd9e34d69d3c7f75
SHA1

90ee80f3eee31fb16caf3f63297fc24f3b973500
SHA256

c56b5f0c9ded71748cc5d138f56344df0b0d63a03cb66eaae46fbfc468f5d0e0
SHA512

f9c6319a7349e10012b05d1159e79aba6b4b0bf6e3fb147b7868aa796246772231508b3303b5585c871974c65d6f25f3af35273667969ff96536bae9a6efee99
SSDEEP

6144:hrltRqw34+KZOsrixjpY2v3IQ0xK/uWnVKZW0Kndu4iomCOX7Pkjt5I7wz:ntYwXK3ixjKI3II/FVKBuFmX7PyrI7C

Score

8^/10

defense_evasion

Malware Config

Targets

- Target
  
  test.exe
- Size
  
  452KB
- MD5
  
  8068ba47c4eea9a7bd9e34d69d3c7f75
- SHA1
  
  90ee80f3eee31fb16caf3f63297fc24f3b973500
- SHA256
  
  c56b5f0c9ded71748cc5d138f56344df0b0d63a03cb66eaae46fbfc468f5d0e0
- SHA512
  
  f9c6319a7349e10012b05d1159e79aba6b4b0bf6e3fb147b7868aa796246772231508b3303b5585c871974c65d6f25f3af35273667969ff96536bae9a6efee99
- SSDEEP
  
  6144:hrltRqw34+KZOsrixjpY2v3IQ0xK/uWnVKZW0Kndu4iomCOX7Pkjt5I7wz:ntYwXK3ixjKI3II/FVKBuFmX7PyrI7C
Score

8^/10

defense_evasion
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion