3408ba745b20af476679ff9b8f6e80195e1715d441855428607387cf0bf96fbd | Triage

Sharing

General

Target

3408ba745b20af476679ff9b8f6e80195e1715d441855428607387cf0bf96fbd
Size

152KB
Sample

221127-23akasba3v
MD5

0836e322639b8657b4962efc6417c435
SHA1

ffd316f58a0e0d055ebc6033bfa75011f2610822
SHA256

3408ba745b20af476679ff9b8f6e80195e1715d441855428607387cf0bf96fbd
SHA512

f96c40e2011a03f4fa7da9272d177db76bc7a2644d49d2dc1414c2e11b4abc181aa2f0b623ff36f3cc1b5c27e7fb99d1b4beb2496995d3387d6953710bf2ed48
SSDEEP

3072:zWl2Q/0M5kJJixTi2lmNEedkX1I4yQbJhn0wkKhJ:rM5SMdMfkX1I4yQbDkA

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  3408ba745b20af476679ff9b8f6e80195e1715d441855428607387cf0bf96fbd
- Size
  
  152KB
- MD5
  
  0836e322639b8657b4962efc6417c435
- SHA1
  
  ffd316f58a0e0d055ebc6033bfa75011f2610822
- SHA256
  
  3408ba745b20af476679ff9b8f6e80195e1715d441855428607387cf0bf96fbd
- SHA512
  
  f96c40e2011a03f4fa7da9272d177db76bc7a2644d49d2dc1414c2e11b4abc181aa2f0b623ff36f3cc1b5c27e7fb99d1b4beb2496995d3387d6953710bf2ed48
- SSDEEP
  
  3072:zWl2Q/0M5kJJixTi2lmNEedkX1I4yQbJhn0wkKhJ:rM5SMdMfkX1I4yQbDkA
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2