f59f85c31850ad4e7a2014ca0d49d59ab86e452a9e2ca8d1517bd5990a01d6d9 | Triage

Sharing

General

Target

f59f85c31850ad4e7a2014ca0d49d59ab86e452a9e2ca8d1517bd5990a01d6d9
Size

4.9MB
Sample

221124-nt78babd92
MD5

db8a38379ad5247898089092cde44b15
SHA1

69cc18b0fffa49bbf447fc4efd7a0103493a7147
SHA256

f59f85c31850ad4e7a2014ca0d49d59ab86e452a9e2ca8d1517bd5990a01d6d9
SHA512

b4499968c60413b022421393ed499d762d4b08d62cc8062a7ab9664d81f7357b22cf9557f69a423b68868a9556337695d7c9c760cea4e9deaaa8a08dad0432b7
SSDEEP

98304:LtrbTA1fxCJ3JpUn1mWturpGwGsq1ixQHP542VjFL05FmO:Rc1W5an1yrUKq1s65TVjt0mO

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  f59f85c31850ad4e7a2014ca0d49d59ab86e452a9e2ca8d1517bd5990a01d6d9
- Size
  
  4.9MB
- MD5
  
  db8a38379ad5247898089092cde44b15
- SHA1
  
  69cc18b0fffa49bbf447fc4efd7a0103493a7147
- SHA256
  
  f59f85c31850ad4e7a2014ca0d49d59ab86e452a9e2ca8d1517bd5990a01d6d9
- SHA512
  
  b4499968c60413b022421393ed499d762d4b08d62cc8062a7ab9664d81f7357b22cf9557f69a423b68868a9556337695d7c9c760cea4e9deaaa8a08dad0432b7
- SSDEEP
  
  98304:LtrbTA1fxCJ3JpUn1mWturpGwGsq1ixQHP542VjFL05FmO:Rc1W5an1yrUKq1s65TVjt0mO
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan