100120bd214342195f2605fd330370970095425a5a02dfd8a4f7b389e0ab428c | Triage

Sharing

General

Target

Firebase.exe
Size

154KB
Sample

240927-1j13gatbnb
MD5

90400f8a61086d340fb01e7d5149d49c
SHA1

5e094cf298560e8951c87e9da09a8a6700796838
SHA256

100120bd214342195f2605fd330370970095425a5a02dfd8a4f7b389e0ab428c
SHA512

5760feed7757287c7d7591aad0612e345de8dd6c0861f0707928e7119462d96941fc368fe1110d8501755eb77993414a69a3456f2b4df56cf2dce71a104983fb
SSDEEP

3072:2ahKyd2n3175GWp1icKAArDZz4N9GhbkrNEk1vT:2ahOzp0yN90QEM

Score

6^/10

defense_evasion persistence

Malware Config

Targets

- Target
  
  Firebase.exe
- Size
  
  154KB
- MD5
  
  90400f8a61086d340fb01e7d5149d49c
- SHA1
  
  5e094cf298560e8951c87e9da09a8a6700796838
- SHA256
  
  100120bd214342195f2605fd330370970095425a5a02dfd8a4f7b389e0ab428c
- SHA512
  
  5760feed7757287c7d7591aad0612e345de8dd6c0861f0707928e7119462d96941fc368fe1110d8501755eb77993414a69a3456f2b4df56cf2dce71a104983fb
- SSDEEP
  
  3072:2ahKyd2n3175GWp1icKAArDZz4N9GhbkrNEk1vT:2ahOzp0yN90QEM
Score

6^/10

defense_evasion persistence
- Adds Run key to start application
  persistence
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Deobfuscate/Decode Files or Information

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistence