6d23398a27a09e01c1a97377224c6090249b01d72dd1040fd7094a313292442c | Triage

Sharing

General

Target

6d23398a27a09e01c1a97377224c6090249b01d72dd1040fd7094a313292442c
Size

726KB
Sample

221030-ch9q8ahban
MD5

a34723ece540d72a8ed783376e9f7030
SHA1

75b1fd929621956332b3ee543848fb11fbbe05a6
SHA256

6d23398a27a09e01c1a97377224c6090249b01d72dd1040fd7094a313292442c
SHA512

1f35de288af10838750f3d57f4b255acd6aeeb995b56d9a93e7394dca11aa9f1e6fae5ae2018313ccc8338723da8eefb758b009d769854360806f04b1d51c773
SSDEEP

12288:Tr+K3DCu863yw4lA01u7VsVMz2SgW25jeZ3F7yl8EDpnQj4JuEq:TiKTCYCdBVMKZelFy8ApnQ

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  6d23398a27a09e01c1a97377224c6090249b01d72dd1040fd7094a313292442c
- Size
  
  726KB
- MD5
  
  a34723ece540d72a8ed783376e9f7030
- SHA1
  
  75b1fd929621956332b3ee543848fb11fbbe05a6
- SHA256
  
  6d23398a27a09e01c1a97377224c6090249b01d72dd1040fd7094a313292442c
- SHA512
  
  1f35de288af10838750f3d57f4b255acd6aeeb995b56d9a93e7394dca11aa9f1e6fae5ae2018313ccc8338723da8eefb758b009d769854360806f04b1d51c773
- SSDEEP
  
  12288:Tr+K3DCu863yw4lA01u7VsVMz2SgW25jeZ3F7yl8EDpnQj4JuEq:TiKTCYCdBVMKZelFy8ApnQ
Score

10^/10

persistence evasion trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojan