311ce91b0bacedf64d500efe57c919eef18865107d73420bc59967d121077cc8 | Triage

Sharing

General

Target

311ce91b0bacedf64d500efe57c919eef18865107d73420bc59967d121077cc8
Size

192KB
Sample

221123-r1nc9sda2s
MD5

fb6acc3da250c5db470492f2790dc221
SHA1

d514cfd7b0ff5221d12091a0810e78e4be245ba4
SHA256

311ce91b0bacedf64d500efe57c919eef18865107d73420bc59967d121077cc8
SHA512

22354218c7ca9dc6221064a8e9dda4c931fbe5314fc61ff381bcf413b8b5452432fee1a24a3709cdce5033e4153c6163ea2d396c6cdf0dc9fb2243859f0f41d4
SSDEEP

3072:5AUvnyA6tx3W7c4iFyLN1oGpVOfZaIHmmC8J26HuSQYJ6O:rvn0xz4bB1trYmmCI2UFn

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  311ce91b0bacedf64d500efe57c919eef18865107d73420bc59967d121077cc8
- Size
  
  192KB
- MD5
  
  fb6acc3da250c5db470492f2790dc221
- SHA1
  
  d514cfd7b0ff5221d12091a0810e78e4be245ba4
- SHA256
  
  311ce91b0bacedf64d500efe57c919eef18865107d73420bc59967d121077cc8
- SHA512
  
  22354218c7ca9dc6221064a8e9dda4c931fbe5314fc61ff381bcf413b8b5452432fee1a24a3709cdce5033e4153c6163ea2d396c6cdf0dc9fb2243859f0f41d4
- SSDEEP
  
  3072:5AUvnyA6tx3W7c4iFyLN1oGpVOfZaIHmmC8J26HuSQYJ6O:rvn0xz4bB1trYmmCI2UFn
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2