8510f0b1edfeb2313ecc62eeb689e7bd91a3751e9221347572d2a74d94b3fc81 | Triage

Sharing

General

Target

07072020-Payment.jar
Size

406KB
Sample

200707-v48rff68jn
MD5

6b2bffb955ed0df1fd3d239fcbbcbf3d
SHA1

22e1f5e279b30023c131260c82e66777afcc4e53
SHA256

8510f0b1edfeb2313ecc62eeb689e7bd91a3751e9221347572d2a74d94b3fc81
SHA512

1ca70934661f12da702aea00fcd66c369ff5b97a121ab295c7c276cd8285832dcc30a98d65bdda48d3225d6e3f9dcad0b0e141a1d863eed153f057a4934f4781

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  07072020-Payment.jar
- Size
  
  406KB
- MD5
  
  6b2bffb955ed0df1fd3d239fcbbcbf3d
- SHA1
  
  22e1f5e279b30023c131260c82e66777afcc4e53
- SHA256
  
  8510f0b1edfeb2313ecc62eeb689e7bd91a3751e9221347572d2a74d94b3fc81
- SHA512
  
  1ca70934661f12da702aea00fcd66c369ff5b97a121ab295c7c276cd8285832dcc30a98d65bdda48d3225d6e3f9dcad0b0e141a1d863eed153f057a4934f4781
Score

10^/10

persistence evasion trojan discovery
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojandiscovery

behavioral2

persistenceevasiontrojandiscovery