6ffba1421d7e805b0416ceb480c4e43861463624c5c9085d1c1643287d86a0ca | Triage

Sharing

General

Target

6ffba1421d7e805b0416ceb480c4e43861463624c5c9085d1c1643287d86a0ca
Size

257KB
Sample

221030-p13rvacbgn
MD5

9261aa58bcd8ad089bd83906ab3178b0
SHA1

605d61c063842fdf2991669934a3cfb3d686de7f
SHA256

6ffba1421d7e805b0416ceb480c4e43861463624c5c9085d1c1643287d86a0ca
SHA512

2d014f05ae9cb409088d3ebf5e06a8adf5634fd1ac0e083e54380637b9e89dcdcf04c35c0f92fe94a8620780573b2bb52e4f4924214d2634a407b28291d349a5
SSDEEP

6144:WkCfvkfXIN0OMAORtIatBMmlRmJOPF9lgXZq:Wtvt0OMD5BngXY

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  6ffba1421d7e805b0416ceb480c4e43861463624c5c9085d1c1643287d86a0ca
- Size
  
  257KB
- MD5
  
  9261aa58bcd8ad089bd83906ab3178b0
- SHA1
  
  605d61c063842fdf2991669934a3cfb3d686de7f
- SHA256
  
  6ffba1421d7e805b0416ceb480c4e43861463624c5c9085d1c1643287d86a0ca
- SHA512
  
  2d014f05ae9cb409088d3ebf5e06a8adf5634fd1ac0e083e54380637b9e89dcdcf04c35c0f92fe94a8620780573b2bb52e4f4924214d2634a407b28291d349a5
- SSDEEP
  
  6144:WkCfvkfXIN0OMAORtIatBMmlRmJOPF9lgXZq:Wtvt0OMD5BngXY
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2