cae73473cf2e9ee35ff43a7ef21c8abe7e500c57334f63cf5998b90bf2b994a4 | Triage

Sharing

General

Target

.exe
Size

485KB
Sample

241005-njlxbswemg
MD5

2e51cc1311ae230a0416558895804efd
SHA1

02d92c23c8ba5945d8fab5a7d5dc2eb20c7cde09
SHA256

cae73473cf2e9ee35ff43a7ef21c8abe7e500c57334f63cf5998b90bf2b994a4
SHA512

8d8fddc51171fd6f9d60eff3ec6b4e5fda639c18a94dd0f6b96418a8a468859f06cdd285f950fe4522b5504111d8f45f2a1e94e13f933dcb42c2226863dc9aa3
SSDEEP

12288:yzpHHapDSYWpq5MDMQ03bKrJF323j/y/mbUket:yzpH6pmYWpq5MDMQ03Sb3erygUvt

Score

8^/10

defense_evasion persistence

Malware Config

Targets

- Target
  
  .exe
- Size
  
  485KB
- MD5
  
  2e51cc1311ae230a0416558895804efd
- SHA1
  
  02d92c23c8ba5945d8fab5a7d5dc2eb20c7cde09
- SHA256
  
  cae73473cf2e9ee35ff43a7ef21c8abe7e500c57334f63cf5998b90bf2b994a4
- SHA512
  
  8d8fddc51171fd6f9d60eff3ec6b4e5fda639c18a94dd0f6b96418a8a468859f06cdd285f950fe4522b5504111d8f45f2a1e94e13f933dcb42c2226863dc9aa3
- SSDEEP
  
  12288:yzpHHapDSYWpq5MDMQ03bKrJF323j/y/mbUket:yzpH6pmYWpq5MDMQ03Sb3erygUvt
Score

8^/10

defense_evasion persistence
- Modify Registry: Disable Windows Driver Blocklist
  Disable Windows Driver Blocklist via Registry.
  defense_evasion
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasionpersistence