f41dfa0eb3511990f54ac6327718659df1c67ebf3bf919c09e4afc17bbd1cab0 | Triage

Sharing

General

Target

f41dfa0eb3511990f54ac6327718659df1c67ebf3bf919c09e4afc17bbd1cab0
Size

3.1MB
Sample

211231-zthhfaffgl
MD5

7fdb0e110b4cafeb10afb3d634cf7aa8
SHA1

797980e5d859725d6971ae0edcb3c3802c37e770
SHA256

f41dfa0eb3511990f54ac6327718659df1c67ebf3bf919c09e4afc17bbd1cab0
SHA512

aa491dcc770741783a77d230b11200393c280012578d1259d9e693fbd34f21e9ab107c298c2f10e5a2d8c9cbb4222f4ab10f353a921e8212d3a504a7a2b4a72b

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  f41dfa0eb3511990f54ac6327718659df1c67ebf3bf919c09e4afc17bbd1cab0
- Size
  
  3.1MB
- MD5
  
  7fdb0e110b4cafeb10afb3d634cf7aa8
- SHA1
  
  797980e5d859725d6971ae0edcb3c3802c37e770
- SHA256
  
  f41dfa0eb3511990f54ac6327718659df1c67ebf3bf919c09e4afc17bbd1cab0
- SHA512
  
  aa491dcc770741783a77d230b11200393c280012578d1259d9e693fbd34f21e9ab107c298c2f10e5a2d8c9cbb4222f4ab10f353a921e8212d3a504a7a2b4a72b
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan