40878b144546065514592985935d431728501af9783a406ec55102427ebe8bbe | Triage

Sharing

General

Target

40878b144546065514592985935d431728501af9783a406ec55102427ebe8bbe
Size

492KB
Sample

221123-nbhjyabe5t
MD5

5ecd652d795dc01c250a16af4728bdf4
SHA1

fce96372d5f79a59a9b3163f51b417f708225140
SHA256

40878b144546065514592985935d431728501af9783a406ec55102427ebe8bbe
SHA512

09e25ca192ac3a114d6741ce3c3f1c55c9325ea18727492e79615945a21b8e0ef8ca9761101603cafcd77d25b5fc2db0b31a252aab696b6e08af64a6dedc9bfb
SSDEEP

6144:PNc0p9tqViYN5CmV9Cd11lhR/+Dle/SwR00/evXW+rJN/JyyefTNCRC67QtVwg:CCWpDxVql+D6SwqfrtNJDaCk67QtV

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  40878b144546065514592985935d431728501af9783a406ec55102427ebe8bbe
- Size
  
  492KB
- MD5
  
  5ecd652d795dc01c250a16af4728bdf4
- SHA1
  
  fce96372d5f79a59a9b3163f51b417f708225140
- SHA256
  
  40878b144546065514592985935d431728501af9783a406ec55102427ebe8bbe
- SHA512
  
  09e25ca192ac3a114d6741ce3c3f1c55c9325ea18727492e79615945a21b8e0ef8ca9761101603cafcd77d25b5fc2db0b31a252aab696b6e08af64a6dedc9bfb
- SSDEEP
  
  6144:PNc0p9tqViYN5CmV9Cd11lhR/+Dle/SwR00/evXW+rJN/JyyefTNCRC67QtVwg:CCWpDxVql+D6SwqfrtNJDaCk67QtV
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2