b073fd2a007c791958dfd951a7e764a73d1c4579000988d9e3d63b6c7b6751e4 | Triage

Sharing

General

Target

b073fd2a007c791958dfd951a7e764a73d1c4579000988d9e3d63b6c7b6751e4
Size

291KB
Sample

221019-1tks8sacdq
MD5

9084e81c0b51b9993eee1d630291ce50
SHA1

1d9c6d2412cfa863b0c4bff24689d28b6216489a
SHA256

b073fd2a007c791958dfd951a7e764a73d1c4579000988d9e3d63b6c7b6751e4
SHA512

7f0b18738823f65db4770cb7c3a732e59ae6564cdb00621a3a804ef87b397722e691b67d4c8d4fe8cdfb73528d4ac488576bede556fac6545ebef197a92f487e
SSDEEP

3072:TlIJyx7/BGAB0SKvLHjt7YSr89eHTXsUp+iWJXbrSRvyG9w+iWJf:5IJy9IA+Rt7zx0JXbavyG9fJf

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  b073fd2a007c791958dfd951a7e764a73d1c4579000988d9e3d63b6c7b6751e4
- Size
  
  291KB
- MD5
  
  9084e81c0b51b9993eee1d630291ce50
- SHA1
  
  1d9c6d2412cfa863b0c4bff24689d28b6216489a
- SHA256
  
  b073fd2a007c791958dfd951a7e764a73d1c4579000988d9e3d63b6c7b6751e4
- SHA512
  
  7f0b18738823f65db4770cb7c3a732e59ae6564cdb00621a3a804ef87b397722e691b67d4c8d4fe8cdfb73528d4ac488576bede556fac6545ebef197a92f487e
- SSDEEP
  
  3072:TlIJyx7/BGAB0SKvLHjt7YSr89eHTXsUp+iWJXbrSRvyG9w+iWJf:5IJy9IA+Rt7zx0JXbavyG9fJf
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2