28f6adfb989c1450f7e836b279728481ea0e50aa37d2b6f821b509a2e52d21bd | Triage

Sharing

General

Target

28f6adfb989c1450f7e836b279728481ea0e50aa37d2b6f821b509a2e52d21bd
Size

384KB
Sample

221126-23xd3afc7t
MD5

f48d7bfbe7efdd271772da9e6b3bb159
SHA1

9c8768a2b69c991096a64f54a5472b12b0ca19fc
SHA256

28f6adfb989c1450f7e836b279728481ea0e50aa37d2b6f821b509a2e52d21bd
SHA512

6b060e4abc27c5be821f919167d0f409a228f3939d138d7d51fc9d6c050bc8173651c1d92ffeb49628b63dde407e051fe51afdd16927e136aee3f75a1c2ee018
SSDEEP

6144:LdcOw8EDvHeW55VLI/aDSABTMsFTMQh1tqbV/vA+Hghnns390EhvULzEgPUn/Z:5uLX1LD9BTfFTllqbt4+AdSKv/Pk

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  28f6adfb989c1450f7e836b279728481ea0e50aa37d2b6f821b509a2e52d21bd
- Size
  
  384KB
- MD5
  
  f48d7bfbe7efdd271772da9e6b3bb159
- SHA1
  
  9c8768a2b69c991096a64f54a5472b12b0ca19fc
- SHA256
  
  28f6adfb989c1450f7e836b279728481ea0e50aa37d2b6f821b509a2e52d21bd
- SHA512
  
  6b060e4abc27c5be821f919167d0f409a228f3939d138d7d51fc9d6c050bc8173651c1d92ffeb49628b63dde407e051fe51afdd16927e136aee3f75a1c2ee018
- SSDEEP
  
  6144:LdcOw8EDvHeW55VLI/aDSABTMsFTMQh1tqbV/vA+Hghnns390EhvULzEgPUn/Z:5uLX1LD9BTfFTllqbt4+AdSKv/Pk
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2