d3c9fb925cc60b34166711d806f34592b333e3555d30a8957e89d08771768870 | Triage

Sharing

General

Target

d3c9fb925cc60b34166711d806f34592b333e3555d30a8957e89d08771768870
Size

43KB
Sample

221126-2qrcaaed4y
MD5

0c054d512ebfcdade1a7ba714bfcf15f
SHA1

26a8e96a5869dde53c2a731faa46e4e6d05c02f7
SHA256

d3c9fb925cc60b34166711d806f34592b333e3555d30a8957e89d08771768870
SHA512

43f20ffc30d514182d8ab81859339a8d20b8ca4f40787d9745408e7a595b5152bf73ff984ae9d69ce88cacba7e2b8c2fbf68bc5782986eb4209374e9229cab9e
SSDEEP

768:3kPCnFY+CynO+svwSkhmN8A8Yqrh8tW8hJJdcMyi+y+YksHZC:UPCnOZVvwSkhmm1YqrC7vcMyi+yHHZC

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  d3c9fb925cc60b34166711d806f34592b333e3555d30a8957e89d08771768870
- Size
  
  43KB
- MD5
  
  0c054d512ebfcdade1a7ba714bfcf15f
- SHA1
  
  26a8e96a5869dde53c2a731faa46e4e6d05c02f7
- SHA256
  
  d3c9fb925cc60b34166711d806f34592b333e3555d30a8957e89d08771768870
- SHA512
  
  43f20ffc30d514182d8ab81859339a8d20b8ca4f40787d9745408e7a595b5152bf73ff984ae9d69ce88cacba7e2b8c2fbf68bc5782986eb4209374e9229cab9e
- SSDEEP
  
  768:3kPCnFY+CynO+svwSkhmN8A8Yqrh8tW8hJJdcMyi+y+YksHZC:UPCnOZVvwSkhmm1YqrC7vcMyi+yHHZC
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2