7fa252528f82922ea910be2f1fce00f6c7eec3dbd80c18c6877db608ce9da4f1 | Triage

Sharing

General

Target

7fa252528f82922ea910be2f1fce00f6c7eec3dbd80c18c6877db608ce9da4f1
Size

192KB
Sample

221124-253c4aaa31
MD5

e8c22dd3784b6217291569341a3ec9a9
SHA1

20727ed83c2ed95130dca5f8e5cd48f37a4f4abc
SHA256

7fa252528f82922ea910be2f1fce00f6c7eec3dbd80c18c6877db608ce9da4f1
SHA512

010a6490f4e3579c024b54dcf867f197bce17d4babc888bc74a3ee03e6c04b25634054f69340e7e089e44078341bd426b1d20cbcc7777b6c838f2ea8752544e4
SSDEEP

3072:9ka+dKK8ZXPDHw7PrL+UsbaiSrHbyXny9CPA9ZlxFILj6:9ka+oK8ZrHw7/M2CMl1

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  7fa252528f82922ea910be2f1fce00f6c7eec3dbd80c18c6877db608ce9da4f1
- Size
  
  192KB
- MD5
  
  e8c22dd3784b6217291569341a3ec9a9
- SHA1
  
  20727ed83c2ed95130dca5f8e5cd48f37a4f4abc
- SHA256
  
  7fa252528f82922ea910be2f1fce00f6c7eec3dbd80c18c6877db608ce9da4f1
- SHA512
  
  010a6490f4e3579c024b54dcf867f197bce17d4babc888bc74a3ee03e6c04b25634054f69340e7e089e44078341bd426b1d20cbcc7777b6c838f2ea8752544e4
- SSDEEP
  
  3072:9ka+dKK8ZXPDHw7PrL+UsbaiSrHbyXny9CPA9ZlxFILj6:9ka+oK8ZrHw7/M2CMl1
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2