b6cd79a1fc147046cdca607e3ad30274ad7a5aa8544a0221455a1b4305962d42 | Triage

Sharing

General

Target

b6cd79a1fc147046cdca607e3ad30274ad7a5aa8544a0221455a1b4305962d42
Size

593KB
Sample

241121-jrbzwazmhy
MD5

23d85c693614bedaed9142bfcbd7cb77
SHA1

e5556d7ef81d95dc7cdf1b78ef28d2decb93654c
SHA256

b6cd79a1fc147046cdca607e3ad30274ad7a5aa8544a0221455a1b4305962d42
SHA512

b82bf7690219fe0aba54b3180aea8daf8ccc97741b2ba23641cc1437a8fd3c889b5006167a36fc79a131de61bd690c7a08c641d84dd03205ba82e46c9130edfc
SSDEEP

12288:31ixytRvGF+JAx05dew7msZN0XLpUP6w:CytlGkGxQew7mWILpfw

Score

8^/10

discovery evasion execution

Malware Config

Targets

- Target
  
  b6cd79a1fc147046cdca607e3ad30274ad7a5aa8544a0221455a1b4305962d42
- Size
  
  593KB
- MD5
  
  23d85c693614bedaed9142bfcbd7cb77
- SHA1
  
  e5556d7ef81d95dc7cdf1b78ef28d2decb93654c
- SHA256
  
  b6cd79a1fc147046cdca607e3ad30274ad7a5aa8544a0221455a1b4305962d42
- SHA512
  
  b82bf7690219fe0aba54b3180aea8daf8ccc97741b2ba23641cc1437a8fd3c889b5006167a36fc79a131de61bd690c7a08c641d84dd03205ba82e46c9130edfc
- SSDEEP
  
  12288:31ixytRvGF+JAx05dew7msZN0XLpUP6w:CytlGkGxQew7mWILpfw
Score

8^/10

discovery evasion execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecution