2e16dc565d777029076f1a44ab5b52b878aab0ff20e920bd7ef8d97113d98408 | Triage

Sharing

General

Target

2e16dc565d777029076f1a44ab5b52b878aab0ff20e920bd7ef8d97113d98408
Size

58KB
Sample

221126-kn1phaac2y
MD5

0958465b74302c5f2c6d6770943e9878
SHA1

c4ece41f69f43b83ea3e3179033edcfa721eecba
SHA256

2e16dc565d777029076f1a44ab5b52b878aab0ff20e920bd7ef8d97113d98408
SHA512

bd119eb24aad209aa1fb32854d070f9491f06b951fc001ab5f1a1572aa62243fd6952fe97473603f2c6ca898382efdcbbd7db784d2f9c850639f761f5c441e73
SSDEEP

768:BnHdzKlCr/hZK4Ai96uJekCvcUz6BofpR9LQidSe6PLHcW0YtNlo+l:BHxKMZZwhuw7z6BwcidSeCDtNlo

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  2e16dc565d777029076f1a44ab5b52b878aab0ff20e920bd7ef8d97113d98408
- Size
  
  58KB
- MD5
  
  0958465b74302c5f2c6d6770943e9878
- SHA1
  
  c4ece41f69f43b83ea3e3179033edcfa721eecba
- SHA256
  
  2e16dc565d777029076f1a44ab5b52b878aab0ff20e920bd7ef8d97113d98408
- SHA512
  
  bd119eb24aad209aa1fb32854d070f9491f06b951fc001ab5f1a1572aa62243fd6952fe97473603f2c6ca898382efdcbbd7db784d2f9c850639f761f5c441e73
- SSDEEP
  
  768:BnHdzKlCr/hZK4Ai96uJekCvcUz6BofpR9LQidSe6PLHcW0YtNlo+l:BHxKMZZwhuw7z6BwcidSeCDtNlo
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2