Overview

overview

10

Static

static

img_111020...34.jar

windows7-x64

10

img_111020...34.jar

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77829449a3d3ebfd15429f1a50df0ee448d048e16b230f4664d8c048f5aba602

  • Size

    127KB

  • Sample

    221124-kavw4abc43

  • MD5

    3aa9bed436349ac37adc03e6cfa91f89

  • SHA1

    d08e3742198f758b9fd70a6d83506fecdfee1951

  • SHA256

    77829449a3d3ebfd15429f1a50df0ee448d048e16b230f4664d8c048f5aba602

  • SHA512

    bb9eb75042fb95c1af70ec7600b164bcf257c55c2f786d40bda402cd949ae600fb835ee6a4d9edee84ebe32da137193bbbd7d10e0ccea68d8f814d611a3b10ad

  • SSDEEP

    3072:o5V3Ew8DNNJTMiYSdR4XMg0cyBT3CPvXWjfqLXbRQ1fFOpU:okNq6RiivBLC3KyLGNOG

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      img_11102014_120534.jar

    • Size

      128KB

    • MD5

      d5ba303f4326815a99d05a0c0b301c05

    • SHA1

      560c1b8a887ca16b25f5366b3b806a93acdaaf96

    • SHA256

      a92e94ee99255c8995d8f7fa9d4c1a74f868c1d1305a3873f4d5e5b4c018316c

    • SHA512

      c0b23d8f0abfdc155ac6412d4593009abcc695de68c6cfeebd6112593151c1c1b90f1b6fb125a76d2621f0d109d5e4e75d055219e83f790eb61fe58d635330c6

    • SSDEEP

      3072:75V3Ew8DNNJTMiYqpTJAJKMRXcCqfrCUMBpXOg84WoUeoLNTFy:7kNqRJ1RXcUBpXOjOjCNTFy

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Hidden Files and Directories

2
T1158

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

4
T1112

Hidden Files and Directories

2
T1158

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Tasks