c366f7a5c1610f6743647785f3e09d2485d74f643a274ce08fe0ee00f088cde9 | Triage

Sharing

General

Target

WinLock.exe
Size

1.3MB
Sample

220924-nyt69acefq
MD5

a9e41580bd082996629b0e4cb8808e3a
SHA1

94b44199cf8b5ea5fa995a66257a5c98a4bb7ffc
SHA256

c366f7a5c1610f6743647785f3e09d2485d74f643a274ce08fe0ee00f088cde9
SHA512

d63e56735a15345428ceca2afdf1157a700bf5d33d9ba46db9526d02dd9951b59c18018fc68d6d13c2e95d271723c971235ca52b0623a80a3082c5074645e045
SSDEEP

24576:6648hVbsWDAC3wJ5fPYfsc/WrdI6B/bTOt:V4wqYff0H5T8

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  WinLock.exe
- Size
  
  1.3MB
- MD5
  
  a9e41580bd082996629b0e4cb8808e3a
- SHA1
  
  94b44199cf8b5ea5fa995a66257a5c98a4bb7ffc
- SHA256
  
  c366f7a5c1610f6743647785f3e09d2485d74f643a274ce08fe0ee00f088cde9
- SHA512
  
  d63e56735a15345428ceca2afdf1157a700bf5d33d9ba46db9526d02dd9951b59c18018fc68d6d13c2e95d271723c971235ca52b0623a80a3082c5074645e045
- SSDEEP
  
  24576:6648hVbsWDAC3wJ5fPYfsc/WrdI6B/bTOt:V4wqYff0H5T8
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Sets file execution options in registry
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan