6a36a0d694602b12841d4e7128fc87a9c8f21730069e46e53c924721c6fb96cb | Triage

Sharing

General

Target

URGENT QUOTATION.PDF.jar
Size

403KB
Sample

200713-5fdke17882
MD5

ebd06502ce342277b68df53cadb463f6
SHA1

838b17cd4b5678f5743e1c6b2ea20266c1754be8
SHA256

6a36a0d694602b12841d4e7128fc87a9c8f21730069e46e53c924721c6fb96cb
SHA512

1d130eef42911ee7cb65fae3173e8a750fa5155204a69cdd1807d72a1277271d7297dde918c48f4652f9ee80903b35e512dec8a13b8504d031c06b2c675de56b

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  URGENT QUOTATION.PDF.jar
- Size
  
  403KB
- MD5
  
  ebd06502ce342277b68df53cadb463f6
- SHA1
  
  838b17cd4b5678f5743e1c6b2ea20266c1754be8
- SHA256
  
  6a36a0d694602b12841d4e7128fc87a9c8f21730069e46e53c924721c6fb96cb
- SHA512
  
  1d130eef42911ee7cb65fae3173e8a750fa5155204a69cdd1807d72a1277271d7297dde918c48f4652f9ee80903b35e512dec8a13b8504d031c06b2c675de56b
Score

10^/10

discovery persistence evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoverypersistenceevasiontrojan

behavioral2

persistenceevasiontrojandiscovery