5099a783f271f3b7a3e131739e87d5b5b868f905eff5dee2e592c9e4f207e710 | Triage

Sharing

General

Target

5099a783f271f3b7a3e131739e87d5b5b868f905eff5dee2e592c9e4f207e710
Size

205KB
Sample

221123-vr5sqscg4v
MD5

70bc8fec8f3104623c8b0578b78a1b01
SHA1

9a01ce3adf3475aaf56175db269fc17df0d66f3a
SHA256

5099a783f271f3b7a3e131739e87d5b5b868f905eff5dee2e592c9e4f207e710
SHA512

38e4654268e340943561b6602302586b074eb6b8e7ea5cf759f17992d52ef23d1ffdd03490698eb208b3280e3bf7ac7efe159dfc3c34cd3429709e0a041afd8e
SSDEEP

3072:Da1oZzHYQqLLxXKSzyvgV1S/gacbiSSknshDhkIB9gynVVVHIgeBBHCOhkC:DhrZeyvgV14ks0sbHryRL

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5099a783f271f3b7a3e131739e87d5b5b868f905eff5dee2e592c9e4f207e710
- Size
  
  205KB
- MD5
  
  70bc8fec8f3104623c8b0578b78a1b01
- SHA1
  
  9a01ce3adf3475aaf56175db269fc17df0d66f3a
- SHA256
  
  5099a783f271f3b7a3e131739e87d5b5b868f905eff5dee2e592c9e4f207e710
- SHA512
  
  38e4654268e340943561b6602302586b074eb6b8e7ea5cf759f17992d52ef23d1ffdd03490698eb208b3280e3bf7ac7efe159dfc3c34cd3429709e0a041afd8e
- SSDEEP
  
  3072:Da1oZzHYQqLLxXKSzyvgV1S/gacbiSSknshDhkIB9gynVVVHIgeBBHCOhkC:DhrZeyvgV14ks0sbHryRL
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2