c588edfabfe42bc8f6aacfcaac5e28df2b72c354eeebbec732fe361676527ab0 | Triage

Sharing

General

Target

URGENT QUOTATION-PDF.jar
Size

403KB
Sample

200710-e2k1ynp8fj
MD5

817352b92f56c7e138392367aafb957c
SHA1

6b22bc04e2ec929b3fbdcbedac0b73f3dc53b6da
SHA256

c588edfabfe42bc8f6aacfcaac5e28df2b72c354eeebbec732fe361676527ab0
SHA512

ba4488fedaa5573774096eaebbd8aa2a80bafb5360c28d4224ecd89db0d81ed58f87c9695d5c0b02b299bcba53056c7f17b5337ca9fdf3e62fdff65a01a36b44

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  URGENT QUOTATION-PDF.jar
- Size
  
  403KB
- MD5
  
  817352b92f56c7e138392367aafb957c
- SHA1
  
  6b22bc04e2ec929b3fbdcbedac0b73f3dc53b6da
- SHA256
  
  c588edfabfe42bc8f6aacfcaac5e28df2b72c354eeebbec732fe361676527ab0
- SHA512
  
  ba4488fedaa5573774096eaebbd8aa2a80bafb5360c28d4224ecd89db0d81ed58f87c9695d5c0b02b299bcba53056c7f17b5337ca9fdf3e62fdff65a01a36b44
Score

10^/10

persistence evasion trojan discovery
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojandiscovery

behavioral2

persistenceevasiontrojandiscovery