7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80 | Triage

Sharing

General

Target

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80
Size

768KB
Sample

221123-s8qn2adc83
MD5

176f027dec2780bf44b98fe823da2f7f
SHA1

322ffa91c2e3e595f2225cd22344f70f0863bb30
SHA256

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80
SHA512

5dcd64e7391cccc86f0583e156396076b46a5745274c00baeb1683b5f29676924709a85431e700dfa83ff49d83f3347e444793fcd8f1db96d12ed75170d5348b
SSDEEP

12288:JQhfzq4kq73ToS0K9mK9jC+K91fzq4kmILv:eT7C8m8jR8Riv

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80
- Size
  
  768KB
- MD5
  
  176f027dec2780bf44b98fe823da2f7f
- SHA1
  
  322ffa91c2e3e595f2225cd22344f70f0863bb30
- SHA256
  
  7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80
- SHA512
  
  5dcd64e7391cccc86f0583e156396076b46a5745274c00baeb1683b5f29676924709a85431e700dfa83ff49d83f3347e444793fcd8f1db96d12ed75170d5348b
- SSDEEP
  
  12288:JQhfzq4kq73ToS0K9mK9jC+K91fzq4kmILv:eT7C8m8jR8Riv
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2