62f2e304067fbf277874b14fd0f6916a2ccc4673da1ad576571359da48e3fa1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62f2e304067fbf277874b14fd0f6916a2ccc4673da1ad576571359da48e3fa1a
Size

817KB
Sample

221003-rvgzasbae5
MD5

42f8aaf305ff983d47fde98bb3f0f021
SHA1

47179533fa0e04136e97d4c3d333a74409897f78
SHA256

62f2e304067fbf277874b14fd0f6916a2ccc4673da1ad576571359da48e3fa1a
SHA512

a5c7ef0b12f2f45a8aa41c931c0a0310266e3956738f370b330d82bb30ac71eb93dbbb6741773288a24fe7105f3fefaab73c952f9985dff1fa064631760c874e
SSDEEP

12288:P8f5lXc+S9jy0g2VLKgMHJHc6H6Jj63t4V+7a7mynN2eLtMos3CMfVEkqJqAdRMl:P8fnX5SRyD4LKBHhcwDtqtxpNkGqAoXz

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  62f2e304067fbf277874b14fd0f6916a2ccc4673da1ad576571359da48e3fa1a
- Size
  
  817KB
- MD5
  
  42f8aaf305ff983d47fde98bb3f0f021
- SHA1
  
  47179533fa0e04136e97d4c3d333a74409897f78
- SHA256
  
  62f2e304067fbf277874b14fd0f6916a2ccc4673da1ad576571359da48e3fa1a
- SHA512
  
  a5c7ef0b12f2f45a8aa41c931c0a0310266e3956738f370b330d82bb30ac71eb93dbbb6741773288a24fe7105f3fefaab73c952f9985dff1fa064631760c874e
- SSDEEP
  
  12288:P8f5lXc+S9jy0g2VLKgMHJHc6H6Jj63t4V+7a7mynN2eLtMos3CMfVEkqJqAdRMl:P8fnX5SRyD4LKBHhcwDtqtxpNkGqAoXz
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan