ab006550d86ba4174cee95e6b0f7b3dbc2ddf47b96eecd4cacc2e3e17da6f456 | Triage

Sharing

General

Target

ab006550d86ba4174cee95e6b0f7b3dbc2ddf47b96eecd4cacc2e3e17da6f456
Size

45KB
Sample

221123-qpfcvahe3s
MD5

5bc4b63ce78e9649b7a8f313930924ae
SHA1

3012ebd04d470605549502a4627e5a9d39cd9bbd
SHA256

ab006550d86ba4174cee95e6b0f7b3dbc2ddf47b96eecd4cacc2e3e17da6f456
SHA512

af58cd78e38594a798920d417c262d2c3db88196fe7229e22a18797242a9cddc562913db5762f5ca16f2bd662a3b3dd52c77103960505c7ef0090cfb7d13b023
SSDEEP

768:RzxFQxzuXU1brLCnO1V1d4R2LES9MWJ8Z9KJcXlOna2TFCol+:Zwx1rx1jLcXWa2TF/+

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  ab006550d86ba4174cee95e6b0f7b3dbc2ddf47b96eecd4cacc2e3e17da6f456
- Size
  
  45KB
- MD5
  
  5bc4b63ce78e9649b7a8f313930924ae
- SHA1
  
  3012ebd04d470605549502a4627e5a9d39cd9bbd
- SHA256
  
  ab006550d86ba4174cee95e6b0f7b3dbc2ddf47b96eecd4cacc2e3e17da6f456
- SHA512
  
  af58cd78e38594a798920d417c262d2c3db88196fe7229e22a18797242a9cddc562913db5762f5ca16f2bd662a3b3dd52c77103960505c7ef0090cfb7d13b023
- SSDEEP
  
  768:RzxFQxzuXU1brLCnO1V1d4R2LES9MWJ8Z9KJcXlOna2TFCol+:Zwx1rx1jLcXWa2TF/+
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2