6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8 | Triage

Resubmissions

13-10-2024 22:09

241013-12yp3a1epg 8

23-09-2024 20:35

240923-zc965azepm 3

23-09-2024 20:33

240923-zb633szenn 3

23-09-2024 20:28

240923-y81f5atdmc 10

23-09-2024 20:27

240923-y8sraatdlg 3

23-09-2024 20:27

240923-y8jtdatdlb 3

23-09-2024 20:26

240923-y8b4jazekn 3

23-09-2024 20:22

240923-y51mqazdpr 8

23-09-2024 20:22

240923-y5sbcatcph 4

Sharing

General

Target

sample
Size

12KB
Sample

241013-12yp3a1epg
MD5

0b12663e5ae87a93a8726d938ef5bbf8
SHA1

b53628d0d6db63fc3628146e901fa2ddca94b46d
SHA256

6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8
SHA512

9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70
SSDEEP

192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  sample
- Size
  
  12KB
- MD5
  
  0b12663e5ae87a93a8726d938ef5bbf8
- SHA1
  
  b53628d0d6db63fc3628146e901fa2ddca94b46d
- SHA256
  
  6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8
- SHA512
  
  9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70
- SSDEEP
  
  192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w
Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalation