84bcba04a0ca8fb5b4f7d1acb98a31e61ebbff5ae9749997c1893f0aa340c22e | Triage

Sharing

General

Target

84bcba04a0ca8fb5b4f7d1acb98a31e61ebbff5ae9749997c1893f0aa340c22e
Size

160KB
Sample

221029-erv1jaagf4
MD5

c15d65bf23b9ea788e1189f29b67f1cc
SHA1

b2f569d3552cba767c46c43b8b0fbe9cf702c04f
SHA256

84bcba04a0ca8fb5b4f7d1acb98a31e61ebbff5ae9749997c1893f0aa340c22e
SHA512

279ebfdcd9c0d42a2d4984785e0504c3c88a8b237b4ec7beb340b16f160ceea6d97e432aada7021511fad700834745b8cd2dd9f22783e8c7058efcbff2c3359c
SSDEEP

3072:jSy7JYQLxdtE7e/+Q1/src9LEZFotiVIltWUaMZo:jPmexjE7e/mnZ+iq6lMZo

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  84bcba04a0ca8fb5b4f7d1acb98a31e61ebbff5ae9749997c1893f0aa340c22e
- Size
  
  160KB
- MD5
  
  c15d65bf23b9ea788e1189f29b67f1cc
- SHA1
  
  b2f569d3552cba767c46c43b8b0fbe9cf702c04f
- SHA256
  
  84bcba04a0ca8fb5b4f7d1acb98a31e61ebbff5ae9749997c1893f0aa340c22e
- SHA512
  
  279ebfdcd9c0d42a2d4984785e0504c3c88a8b237b4ec7beb340b16f160ceea6d97e432aada7021511fad700834745b8cd2dd9f22783e8c7058efcbff2c3359c
- SSDEEP
  
  3072:jSy7JYQLxdtE7e/+Q1/src9LEZFotiVIltWUaMZo:jPmexjE7e/mnZ+iq6lMZo
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2