cf5120af81b5c6806445b62f3b340dbf70abb06e4b5429010e0edd9a5ea337bd | Triage

Sharing

General

Target

cf5120af81b5c6806445b62f3b340dbf70abb06e4b5429010e0edd9a5ea337bd
Size

99KB
Sample

221123-tbjpwsde82
MD5

01a7523ac7935209ab4fe8e7cf5929f3
SHA1

1c51e72487a7a72a8edc494e4785586523d54554
SHA256

cf5120af81b5c6806445b62f3b340dbf70abb06e4b5429010e0edd9a5ea337bd
SHA512

8cc05677e15359ad06d609258fdb996e5e6ea8683cc49b595ac7a627265c1fa8e828cea7a97657326d8261c42a803e0d70f582387fc6579aede7f7a9b02a1e1f
SSDEEP

1536:8W2zMKzBAxiURheeZzXFMShQKUwlMsWS+lskBW1SVyh+BCtQ:KMSBIiURhNzXFMeUXsWS+lskBW9b

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  cf5120af81b5c6806445b62f3b340dbf70abb06e4b5429010e0edd9a5ea337bd
- Size
  
  99KB
- MD5
  
  01a7523ac7935209ab4fe8e7cf5929f3
- SHA1
  
  1c51e72487a7a72a8edc494e4785586523d54554
- SHA256
  
  cf5120af81b5c6806445b62f3b340dbf70abb06e4b5429010e0edd9a5ea337bd
- SHA512
  
  8cc05677e15359ad06d609258fdb996e5e6ea8683cc49b595ac7a627265c1fa8e828cea7a97657326d8261c42a803e0d70f582387fc6579aede7f7a9b02a1e1f
- SSDEEP
  
  1536:8W2zMKzBAxiURheeZzXFMShQKUwlMsWS+lskBW1SVyh+BCtQ:KMSBIiURhNzXFMeUXsWS+lskBW9b
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2