5eafeb4d9a12b42a906ccdb70b2b8ce154941388a426324d6c047c84478426b5 | Triage

Sharing

General

Target

5eafeb4d9a12b42a906ccdb70b2b8ce154941388a426324d6c047c84478426b5
Size

89KB
Sample

221123-rhptdagf64
MD5

411e6c62ea0e96d79584b17b8bf4399c
SHA1

7bce15fcb7d26d349d600661cd2cd0e555efbe30
SHA256

5eafeb4d9a12b42a906ccdb70b2b8ce154941388a426324d6c047c84478426b5
SHA512

0c8b408a0925b35c0bffbc90ef4b460dd3c6f50a568e1b93b495142e8283b7ce1d77a388aa46bd4229679c057a406cfd63f896d67769fbd77ec19a3f2c685d26
SSDEEP

1536:mO9d1jrLhyezhtkpraytF5+AOYbTK+48L5tjvwT26NgCbxRlG:bHXL0m6aytFS8T3L5tMTv1bxRlG

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5eafeb4d9a12b42a906ccdb70b2b8ce154941388a426324d6c047c84478426b5
- Size
  
  89KB
- MD5
  
  411e6c62ea0e96d79584b17b8bf4399c
- SHA1
  
  7bce15fcb7d26d349d600661cd2cd0e555efbe30
- SHA256
  
  5eafeb4d9a12b42a906ccdb70b2b8ce154941388a426324d6c047c84478426b5
- SHA512
  
  0c8b408a0925b35c0bffbc90ef4b460dd3c6f50a568e1b93b495142e8283b7ce1d77a388aa46bd4229679c057a406cfd63f896d67769fbd77ec19a3f2c685d26
- SSDEEP
  
  1536:mO9d1jrLhyezhtkpraytF5+AOYbTK+48L5tjvwT26NgCbxRlG:bHXL0m6aytFS8T3L5tMTv1bxRlG
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2