f75901e840bc68a51573de50097f8dfb8e4667cf8dceaf3d632cd2ea7d494546 | Triage

Sharing

General

Target

f75901e840bc68a51573de50097f8dfb8e4667cf8dceaf3d632cd2ea7d494546
Size

73KB
Sample

221124-va4t4sga43
MD5

e36ff18f794ff51c15c08bac37d4c431
SHA1

48361224b386e7ec007f2cdb1f7a55a0dba965ad
SHA256

f75901e840bc68a51573de50097f8dfb8e4667cf8dceaf3d632cd2ea7d494546
SHA512

c1ec260e14b7aaa988c90efaf15b71e88e2fc23781128f08f5a67fd27520d944e9e8aa7c7613fe9c2646d9fd042392ec391de8db869acbd86f1f6d0e63f62291
SSDEEP

1536:8W2zMKzBAxiURheeZzXFMShQKUwlMsWS+lskBW1SVyh+BCtQ:KMSBIiURhNzXFMeUXsWS+lskBW9b

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  f75901e840bc68a51573de50097f8dfb8e4667cf8dceaf3d632cd2ea7d494546
- Size
  
  73KB
- MD5
  
  e36ff18f794ff51c15c08bac37d4c431
- SHA1
  
  48361224b386e7ec007f2cdb1f7a55a0dba965ad
- SHA256
  
  f75901e840bc68a51573de50097f8dfb8e4667cf8dceaf3d632cd2ea7d494546
- SHA512
  
  c1ec260e14b7aaa988c90efaf15b71e88e2fc23781128f08f5a67fd27520d944e9e8aa7c7613fe9c2646d9fd042392ec391de8db869acbd86f1f6d0e63f62291
- SSDEEP
  
  1536:8W2zMKzBAxiURheeZzXFMShQKUwlMsWS+lskBW1SVyh+BCtQ:KMSBIiURhNzXFMeUXsWS+lskBW9b
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2