32313528d1949d9a76db87ef3a6cf61fef41bf662cb0bceb1a43eeed376852ed | Triage

Sharing

General

Target

32313528d1949d9a76db87ef3a6cf61fef41bf662cb0bceb1a43eeed376852ed
Size

139KB
Sample

221123-rz72aahh83
MD5

785b9d45c8a4249ba2f074875a8bbb98
SHA1

7b1cfff7e14a6cd57a941c621e485a22032e0f06
SHA256

32313528d1949d9a76db87ef3a6cf61fef41bf662cb0bceb1a43eeed376852ed
SHA512

a1d6d3595952cb7ab0cda05018236e62b07c7a75dbcaadef3a77352809089bd0096f94c1dbf0972f7e3b7d856d021b9600f0705795d1c0ba7a5e36dfd4b20820
SSDEEP

3072:uyNW+Za5ITmeyYCMdH2AYisIkFPO5K7SXaJ1i:F45UNJdUIT07SXai

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  32313528d1949d9a76db87ef3a6cf61fef41bf662cb0bceb1a43eeed376852ed
- Size
  
  139KB
- MD5
  
  785b9d45c8a4249ba2f074875a8bbb98
- SHA1
  
  7b1cfff7e14a6cd57a941c621e485a22032e0f06
- SHA256
  
  32313528d1949d9a76db87ef3a6cf61fef41bf662cb0bceb1a43eeed376852ed
- SHA512
  
  a1d6d3595952cb7ab0cda05018236e62b07c7a75dbcaadef3a77352809089bd0096f94c1dbf0972f7e3b7d856d021b9600f0705795d1c0ba7a5e36dfd4b20820
- SSDEEP
  
  3072:uyNW+Za5ITmeyYCMdH2AYisIkFPO5K7SXaJ1i:F45UNJdUIT07SXai
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2