3a5480d5ea288089567f338055545b05c195f8eaf350ec4698ca6cb03b91f787 | Triage

Sharing

General

Target

3a5480d5ea288089567f338055545b05c195f8eaf350ec4698ca6cb03b91f787.bin
Size

92KB
Sample

210225-8zts47zqcx
MD5

f90879110d316ff87567e5090b32099c
SHA1

849e5fb60e581637288613f694c50df4c71c3692
SHA256

3a5480d5ea288089567f338055545b05c195f8eaf350ec4698ca6cb03b91f787
SHA512

1cb1e57bec68f91a4bf81010d75826bf56d6366547e7950129ea42e2c206dbe09efa1de8f2d3160ca28a5c3a389c1134d73349d2dbe170285443340cf2a91d13

Score

10^/10

evasion persistence trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://hpsj.firewall-gateway.net:80/hpjs.php

Extracted

Language

ps1

Source

URLs

exe.dropper

https://is.gd/NJZZ9I

Targets

- Target
  
  3a5480d5ea288089567f338055545b05c195f8eaf350ec4698ca6cb03b91f787.bin
- Size
  
  92KB
- MD5
  
  f90879110d316ff87567e5090b32099c
- SHA1
  
  849e5fb60e581637288613f694c50df4c71c3692
- SHA256
  
  3a5480d5ea288089567f338055545b05c195f8eaf350ec4698ca6cb03b91f787
- SHA512
  
  1cb1e57bec68f91a4bf81010d75826bf56d6366547e7950129ea42e2c206dbe09efa1de8f2d3160ca28a5c3a389c1134d73349d2dbe170285443340cf2a91d13
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan