259be1d6d0e472073e078c4a294ed47dc1f5fb47f55f8b893e2d75d5c6a6a7b6 | Triage

Sharing

General

Target

259be1d6d0e472073e078c4a294ed47dc1f5fb47f55f8b893e2d75d5c6a6a7b6
Size

1.8MB
Sample

191025-mrsakxz72e
MD5

a3fe09a0346d8772c9cba02c1a64ef15
SHA1

c403b96f1909e84bd30c32818bcb74b5107865c5
SHA256

259be1d6d0e472073e078c4a294ed47dc1f5fb47f55f8b893e2d75d5c6a6a7b6
SHA512

f793acb670f3751c0b2ed00693103660bc7f29a2785c159fee25cd5dcfab405a6cc0f3531b9209648bac71eb1040074e232125d075fafeb010ae996a5fae4126

Score

8^/10

Malware Config

Targets

- Target
  
  259be1d6d0e472073e078c4a294ed47dc1f5fb47f55f8b893e2d75d5c6a6a7b6
- Size
  
  1.8MB
- MD5
  
  a3fe09a0346d8772c9cba02c1a64ef15
- SHA1
  
  c403b96f1909e84bd30c32818bcb74b5107865c5
- SHA256
  
  259be1d6d0e472073e078c4a294ed47dc1f5fb47f55f8b893e2d75d5c6a6a7b6
- SHA512
  
  f793acb670f3751c0b2ed00693103660bc7f29a2785c159fee25cd5dcfab405a6cc0f3531b9209648bac71eb1040074e232125d075fafeb010ae996a5fae4126
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies system certificate store
  evasion spyware trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2