1cb6a24bc3f30996150c4c737cf2bc33e5a04741a93e516d6504dd8602f5f843 | Triage

Sharing

General

Target

Quotation.jar
Size

402KB
Sample

200707-k82q21lkbe
MD5

fd50183db6b1d898c6c03fb37addd1d4
SHA1

39dcdc068ae5b59a92cd2c9fe9ded56e45a8c77c
SHA256

1cb6a24bc3f30996150c4c737cf2bc33e5a04741a93e516d6504dd8602f5f843
SHA512

c0c5a8091fdca57e0097503d15d08872f022d91dc7fc343d56d2071e5519f32803b723d6f7da88b70364da5d6abd2157d9024e3a380ab83f22bfc5ac27634fa2

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  Quotation.jar
- Size
  
  402KB
- MD5
  
  fd50183db6b1d898c6c03fb37addd1d4
- SHA1
  
  39dcdc068ae5b59a92cd2c9fe9ded56e45a8c77c
- SHA256
  
  1cb6a24bc3f30996150c4c737cf2bc33e5a04741a93e516d6504dd8602f5f843
- SHA512
  
  c0c5a8091fdca57e0097503d15d08872f022d91dc7fc343d56d2071e5519f32803b723d6f7da88b70364da5d6abd2157d9024e3a380ab83f22bfc5ac27634fa2
Score

10^/10

persistence evasion trojan discovery
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceevasiontrojandiscovery

behavioral2

persistenceevasiontrojandiscovery