add0d88665429072983eeec4d8db4f8d1ce6cd39fe519f693a3b94bf3c0effef | Triage

Resubmissions

02-03-2020 14:38

200302-t6xq9fwvas 10

01-03-2020 13:36

200301-y5qej6pnj6 10

Sharing

General

Target

Quotation.jar
Size

377KB
Sample

200302-t6xq9fwvas
MD5

467c999fd06b4f90664bdb08bc3ce0f1
SHA1

2674f8dff289f0137c26c19f04a98e3078029fa8
SHA256

add0d88665429072983eeec4d8db4f8d1ce6cd39fe519f693a3b94bf3c0effef
SHA512

4f5398576aab26154306983dd76116d28eed58a9996a83769d2b41b3803406c0bfb0799f86f955fc09d87efd686f5a77f80f67eb2c4b71a0bd70c556ec28f17a

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  Quotation.jar
- Size
  
  377KB
- MD5
  
  467c999fd06b4f90664bdb08bc3ce0f1
- SHA1
  
  2674f8dff289f0137c26c19f04a98e3078029fa8
- SHA256
  
  add0d88665429072983eeec4d8db4f8d1ce6cd39fe519f693a3b94bf3c0effef
- SHA512
  
  4f5398576aab26154306983dd76116d28eed58a9996a83769d2b41b3803406c0bfb0799f86f955fc09d87efd686f5a77f80f67eb2c4b71a0bd70c556ec28f17a
Score

10^/10

persistence discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistencediscoveryevasiontrojan