99a5de18c71cfd7fd32d3f2b5bf4a60a4b2aa41f9bdbafa042693375927d11b1 | Triage

Sharing

General

Target

99a5de18c71cfd7fd32d3f2b5bf4a60a4b2aa41f9bdbafa042693375927d11b1
Size

5.4MB
Sample

241014-fpp7yatfkm
MD5

d2ecf5f2a271da094867f6dc31b3d60e
SHA1

b8b7ec24a5c6f1a0ad96e989003516b656256d2e
SHA256

99a5de18c71cfd7fd32d3f2b5bf4a60a4b2aa41f9bdbafa042693375927d11b1
SHA512

9b6f1a5ccf1c7312cf0a7bcbf253516d8ae9f56cc5408d6fd209e0bc26eca9237b6fed0fddd94746bba14c4f5560f279cf933647facf31a77762e05f66ff365d
SSDEEP

49152:wDShb1KwGF4Ilow5sADndfK0IptgSoP6MRM2BTXwmlPJmqHc4h/:VQK0/lX9PJhHc

Score

10^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  99a5de18c71cfd7fd32d3f2b5bf4a60a4b2aa41f9bdbafa042693375927d11b1
- Size
  
  5.4MB
- MD5
  
  d2ecf5f2a271da094867f6dc31b3d60e
- SHA1
  
  b8b7ec24a5c6f1a0ad96e989003516b656256d2e
- SHA256
  
  99a5de18c71cfd7fd32d3f2b5bf4a60a4b2aa41f9bdbafa042693375927d11b1
- SHA512
  
  9b6f1a5ccf1c7312cf0a7bcbf253516d8ae9f56cc5408d6fd209e0bc26eca9237b6fed0fddd94746bba14c4f5560f279cf933647facf31a77762e05f66ff365d
- SSDEEP
  
  49152:wDShb1KwGF4Ilow5sADndfK0IptgSoP6MRM2BTXwmlPJmqHc4h/:VQK0/lX9PJhHc
Score

10^/10

discovery evasion execution persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence

behavioral2

discoveryevasionexecutionpersistence