b0fac756b71f2fa884679d55f43898d2ab0d7f6a4eacb78acc5dea65e610da49 | Triage

Sharing

General

Target

b0fac756b71f2fa884679d55f43898d2ab0d7f6a4eacb78acc5dea65e610da49
Size

92KB
Sample

221123-s8l1vadc78
MD5

c21c38a2f12e9abcab403ce7b3b8121d
SHA1

483a57b1ef186b36352d482804740d1df3726053
SHA256

b0fac756b71f2fa884679d55f43898d2ab0d7f6a4eacb78acc5dea65e610da49
SHA512

e85ba71603d6f50fe61688fcda732d128e9a445f9b153f48c3d733ea5921cff549eb2ab76ebda9227ffe93d0578374fb4acd736ced93c3b5eab7fb8350070bcb
SSDEEP

1536:EXZnsm2QX9DjWWdPBnQ/G6l/IU9KNWMwDz/xsz5FpTq:Hm245W//G6dONI2z5/q

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  b0fac756b71f2fa884679d55f43898d2ab0d7f6a4eacb78acc5dea65e610da49
- Size
  
  92KB
- MD5
  
  c21c38a2f12e9abcab403ce7b3b8121d
- SHA1
  
  483a57b1ef186b36352d482804740d1df3726053
- SHA256
  
  b0fac756b71f2fa884679d55f43898d2ab0d7f6a4eacb78acc5dea65e610da49
- SHA512
  
  e85ba71603d6f50fe61688fcda732d128e9a445f9b153f48c3d733ea5921cff549eb2ab76ebda9227ffe93d0578374fb4acd736ced93c3b5eab7fb8350070bcb
- SSDEEP
  
  1536:EXZnsm2QX9DjWWdPBnQ/G6l/IU9KNWMwDz/xsz5FpTq:Hm245W//G6dONI2z5/q
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2