762b168ed170aad51d8330f3a857b08ce7a26e71769ab666e37acecfee75ecf5 | Triage

Sharing

General

Target

762b168ed170aad51d8330f3a857b08ce7a26e71769ab666e37acecfee75ecf5
Size

60KB
Sample

221124-3ndh3sbb21
MD5

f6a323ae7505c125e206d4a47c35a2b6
SHA1

e4eac6912121362c4b2859605d2ec27b8523a9b5
SHA256

762b168ed170aad51d8330f3a857b08ce7a26e71769ab666e37acecfee75ecf5
SHA512

8cb287f5cb5e0a07831a3dd0f239db7656acf95c98dc3a40e89cd464955886a12dbcf9515fd13c708448b8f9998091f527a7ba03abc04ee41d76829494dd193c
SSDEEP

1536:/INN3t3j82R95giCg/GncQDY4Y7oZ+vx7Z:/Iv9jHv5SJcQDY4byN

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  762b168ed170aad51d8330f3a857b08ce7a26e71769ab666e37acecfee75ecf5
- Size
  
  60KB
- MD5
  
  f6a323ae7505c125e206d4a47c35a2b6
- SHA1
  
  e4eac6912121362c4b2859605d2ec27b8523a9b5
- SHA256
  
  762b168ed170aad51d8330f3a857b08ce7a26e71769ab666e37acecfee75ecf5
- SHA512
  
  8cb287f5cb5e0a07831a3dd0f239db7656acf95c98dc3a40e89cd464955886a12dbcf9515fd13c708448b8f9998091f527a7ba03abc04ee41d76829494dd193c
- SSDEEP
  
  1536:/INN3t3j82R95giCg/GncQDY4Y7oZ+vx7Z:/Iv9jHv5SJcQDY4byN
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2