71d0c72cfc60fa95069b8ab282f8a29ded35f497382d480b5ff41a6330fd454c | Triage

Sharing

General

Target

71d0c72cfc60fa95069b8ab282f8a29ded35f497382d480b5ff41a6330fd454c
Size

73KB
Sample

221124-l112gaac6s
MD5

9bf01aed1ff500f95bd8bebd6adbd0fc
SHA1

c9bb09c835743816a723285d6558c87ea3c5c019
SHA256

71d0c72cfc60fa95069b8ab282f8a29ded35f497382d480b5ff41a6330fd454c
SHA512

71fa3cd2aa8350ae807eb4368b2593006c49f43d685c4b1d3d737cb6fb134fe88667a037f93f4e5718c8c1c903d981e2a201085ebac2d77694c62279b60994b9
SSDEEP

1536:VwJOoN1oYaoZ5iV685XJPClxWs20KsmwZwji+f01Lzp966SJEWFP6:VwJ52Y7ZoH5XJalxWtP56wjirvnSJ76

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  71d0c72cfc60fa95069b8ab282f8a29ded35f497382d480b5ff41a6330fd454c
- Size
  
  73KB
- MD5
  
  9bf01aed1ff500f95bd8bebd6adbd0fc
- SHA1
  
  c9bb09c835743816a723285d6558c87ea3c5c019
- SHA256
  
  71d0c72cfc60fa95069b8ab282f8a29ded35f497382d480b5ff41a6330fd454c
- SHA512
  
  71fa3cd2aa8350ae807eb4368b2593006c49f43d685c4b1d3d737cb6fb134fe88667a037f93f4e5718c8c1c903d981e2a201085ebac2d77694c62279b60994b9
- SSDEEP
  
  1536:VwJOoN1oYaoZ5iV685XJPClxWs20KsmwZwji+f01Lzp966SJEWFP6:VwJ52Y7ZoH5XJalxWtP56wjirvnSJ76
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2