c32148c38b5a20a2d82637f71880c6d09af043dc32b5f3ac3eef557b877ab082 | Triage

Sharing

General

Target

c32148c38b5a20a2d82637f71880c6d09af043dc32b5f3ac3eef557b877ab082
Size

436KB
Sample

221124-ydxrrahf2w
MD5

25bb30c3cc364e8470b2e7a662005b19
SHA1

81292b15c82ea52607d34b1ea7be7bc14b4e40cc
SHA256

c32148c38b5a20a2d82637f71880c6d09af043dc32b5f3ac3eef557b877ab082
SHA512

f39fe5eff92475747362d0c0cff92e84b2143888758c600badfc0e76841d6060861e9b8e1ea5829a35b4c68a79072beed140b6e25a4addb37d99f2dc7687af16
SSDEEP

6144:bIJrUosyu3TjHNLmOlw+ewCXL0JXX8lGklD0LH9tYkIHA7fp2l4wX+ZGg3BPstP:bI5UiuDjtaFLOXQDYtp0Y2W1Qq4

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  c32148c38b5a20a2d82637f71880c6d09af043dc32b5f3ac3eef557b877ab082
- Size
  
  436KB
- MD5
  
  25bb30c3cc364e8470b2e7a662005b19
- SHA1
  
  81292b15c82ea52607d34b1ea7be7bc14b4e40cc
- SHA256
  
  c32148c38b5a20a2d82637f71880c6d09af043dc32b5f3ac3eef557b877ab082
- SHA512
  
  f39fe5eff92475747362d0c0cff92e84b2143888758c600badfc0e76841d6060861e9b8e1ea5829a35b4c68a79072beed140b6e25a4addb37d99f2dc7687af16
- SSDEEP
  
  6144:bIJrUosyu3TjHNLmOlw+ewCXL0JXX8lGklD0LH9tYkIHA7fp2l4wX+ZGg3BPstP:bI5UiuDjtaFLOXQDYtp0Y2W1Qq4
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2