89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70 | Triage

Sharing

General

Target

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70
Size

132KB
Sample

221123-q192laad9x
MD5

8fbd0e3b1bfe760ccea684bb57a20925
SHA1

fc13f1387decd0847d74f2fb6224606d53a2f680
SHA256

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70
SHA512

24d78f251bcdf1a1b64ef4668558917e27646f29b93fd5b39e4ada622564f484190e882201225c57c949dcf0cc3dc514712bdbf826007d35fa7f94d074c07b48
SSDEEP

3072:2fS/Yyot4y6R2CMdH2AY3cUbtvhaDB3I41F:aSAy6JdmtvQhj

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70
- Size
  
  132KB
- MD5
  
  8fbd0e3b1bfe760ccea684bb57a20925
- SHA1
  
  fc13f1387decd0847d74f2fb6224606d53a2f680
- SHA256
  
  89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70
- SHA512
  
  24d78f251bcdf1a1b64ef4668558917e27646f29b93fd5b39e4ada622564f484190e882201225c57c949dcf0cc3dc514712bdbf826007d35fa7f94d074c07b48
- SSDEEP
  
  3072:2fS/Yyot4y6R2CMdH2AY3cUbtvhaDB3I41F:aSAy6JdmtvQhj
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2