ad4021f9b8bbfc73ec3341e9cb14e354ef8927061e9a58eb552cb43d888c1cbc | Triage

Sharing

General

Target

ad4021f9b8bbfc73ec3341e9cb14e354ef8927061e9a58eb552cb43d888c1cbc
Size

815KB
Sample

221128-ewdxtaab5s
MD5

5828df581654354dd630e6f7ecf6d905
SHA1

8b08129b8f9f90b532500622a9fa07f19e779f9b
SHA256

ad4021f9b8bbfc73ec3341e9cb14e354ef8927061e9a58eb552cb43d888c1cbc
SHA512

9cac74fc500f15bb273ea3b03d1653b695aad4103651d92bf95e659c5d769a61841cd21a37dea11e3ddbc8b195e8387018683837888c55cf9af31f3e16bedc0d
SSDEEP

12288:pDAW5TcWPBctKRqB77PhIVD/cWQsD+VC+4j05cuKnxUA4WAFDWiVHcn8EcuUtZgW:pzlitKC77ZIN/cJsgqZAe7cHZg30lF

Score

8^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  ad4021f9b8bbfc73ec3341e9cb14e354ef8927061e9a58eb552cb43d888c1cbc
- Size
  
  815KB
- MD5
  
  5828df581654354dd630e6f7ecf6d905
- SHA1
  
  8b08129b8f9f90b532500622a9fa07f19e779f9b
- SHA256
  
  ad4021f9b8bbfc73ec3341e9cb14e354ef8927061e9a58eb552cb43d888c1cbc
- SHA512
  
  9cac74fc500f15bb273ea3b03d1653b695aad4103651d92bf95e659c5d769a61841cd21a37dea11e3ddbc8b195e8387018683837888c55cf9af31f3e16bedc0d
- SSDEEP
  
  12288:pDAW5TcWPBctKRqB77PhIVD/cWQsD+VC+4j05cuKnxUA4WAFDWiVHcn8EcuUtZgW:pzlitKC77ZIN/cJsgqZAe7cHZg30lF
Score

8^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan