ef002a68388980b68d6fda275acd84ec7ad72fd7e0adce12741d0d8ff30ed450 | Triage

Sharing

General

Target

ef002a68388980b68d6fda275acd84ec7ad72fd7e0adce12741d0d8ff30ed450
Size

820KB
Sample

221124-nwensabe65
MD5

56b23a5a056b94a34aaea88cec34dbbd
SHA1

251281da4d1c9653591406b3ab8360522237fd84
SHA256

ef002a68388980b68d6fda275acd84ec7ad72fd7e0adce12741d0d8ff30ed450
SHA512

f26fa042e5e5484800c3939db4a048c0ab5066ecbc8c953d4eca7be82f0df51c4de770d20b726c00540837488fbd9df515d7820024815c7ef33b78e7833c0adf
SSDEEP

12288:2t1AYbWCCdCSW+9br9IzWP0CqHxZGRO7o/JwreBkURXQgGEYGILZX5Qbt90B+PaK:2t3SLWO03xwQ7oxw2lqLEYG9r4M8Xp7W

Score

8^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  ef002a68388980b68d6fda275acd84ec7ad72fd7e0adce12741d0d8ff30ed450
- Size
  
  820KB
- MD5
  
  56b23a5a056b94a34aaea88cec34dbbd
- SHA1
  
  251281da4d1c9653591406b3ab8360522237fd84
- SHA256
  
  ef002a68388980b68d6fda275acd84ec7ad72fd7e0adce12741d0d8ff30ed450
- SHA512
  
  f26fa042e5e5484800c3939db4a048c0ab5066ecbc8c953d4eca7be82f0df51c4de770d20b726c00540837488fbd9df515d7820024815c7ef33b78e7833c0adf
- SSDEEP
  
  12288:2t1AYbWCCdCSW+9br9IzWP0CqHxZGRO7o/JwreBkURXQgGEYGILZX5Qbt90B+PaK:2t3SLWO03xwQ7oxw2lqLEYG9r4M8Xp7W
Score

8^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan