f05bfcd89931b07619ce3cce8bf79cabd1ccf69d1d6f61aa1ad97ddaa1d772ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f05bfcd89931b07619ce3cce8bf79cabd1ccf69d1d6f61aa1ad97ddaa1d772ea
Size

13KB
Sample

221029-y63tgadfh5
MD5

839d32c31039160a912fcfbb3def6850
SHA1

3f7a0f47f79056946e9931f3966d0f436fcfc6cf
SHA256

f05bfcd89931b07619ce3cce8bf79cabd1ccf69d1d6f61aa1ad97ddaa1d772ea
SHA512

40c3be7ab2c216343db60df40275780a39c1ef51cc109ac0949e422324ec7db9729003cd27766a4f695380e857952d2541e537259532760c4512ec33c6a3bec2
SSDEEP

384:8lw3tHjlsEgYwZqUrRE0e22AE6GmbMqiGAg:u6R9LwZle0n2ADbA

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  f05bfcd89931b07619ce3cce8bf79cabd1ccf69d1d6f61aa1ad97ddaa1d772ea
- Size
  
  13KB
- MD5
  
  839d32c31039160a912fcfbb3def6850
- SHA1
  
  3f7a0f47f79056946e9931f3966d0f436fcfc6cf
- SHA256
  
  f05bfcd89931b07619ce3cce8bf79cabd1ccf69d1d6f61aa1ad97ddaa1d772ea
- SHA512
  
  40c3be7ab2c216343db60df40275780a39c1ef51cc109ac0949e422324ec7db9729003cd27766a4f695380e857952d2541e537259532760c4512ec33c6a3bec2
- SSDEEP
  
  384:8lw3tHjlsEgYwZqUrRE0e22AE6GmbMqiGAg:u6R9LwZle0n2ADbA
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2