9cf869ea01362a1dd4fac304cc7a716f24ba1903c4a8342176c9f6a13cdfed92 | Triage

Sharing

General

Target

9cf869ea01362a1dd4fac304cc7a716f24ba1903c4a8342176c9f6a13cdfed92
Size

129KB
Sample

221030-wwemsaecgr
MD5

824d11365647e6ab254eae386f539030
SHA1

58fc3926651b471138595cacf9a09fb95415f557
SHA256

9cf869ea01362a1dd4fac304cc7a716f24ba1903c4a8342176c9f6a13cdfed92
SHA512

ff8fcfc0e34a8c5c8cd87141a369450d76a7b80058deac77cf3a3d3d13eb6012abdd318ec693da1731ca43dd029f9c5abb461fd6166dd42507cdb7dc89700137
SSDEEP

3072:YRhlARSOsdwD/98out3SDADeak7dJHB/AKG:YRARoiSoS3SsQLH5AK

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  9cf869ea01362a1dd4fac304cc7a716f24ba1903c4a8342176c9f6a13cdfed92
- Size
  
  129KB
- MD5
  
  824d11365647e6ab254eae386f539030
- SHA1
  
  58fc3926651b471138595cacf9a09fb95415f557
- SHA256
  
  9cf869ea01362a1dd4fac304cc7a716f24ba1903c4a8342176c9f6a13cdfed92
- SHA512
  
  ff8fcfc0e34a8c5c8cd87141a369450d76a7b80058deac77cf3a3d3d13eb6012abdd318ec693da1731ca43dd029f9c5abb461fd6166dd42507cdb7dc89700137
- SSDEEP
  
  3072:YRhlARSOsdwD/98out3SDADeak7dJHB/AKG:YRARoiSoS3SsQLH5AK
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan