a74ffc3c4bb7a4f445c64b1b7b01536b7850537c8c3ecebbb7cbbd31e4b57206 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a74ffc3c4bb7a4f445c64b1b7b01536b7850537c8c3ecebbb7cbbd31e4b57206
Size

363KB
Sample

221128-gksb6sae68
MD5

bf7f4892f5ba7a7d90ac1c9f7d2434c9
SHA1

83b7e6508988b4eda6b45e7b7f360c2298bebaa1
SHA256

a74ffc3c4bb7a4f445c64b1b7b01536b7850537c8c3ecebbb7cbbd31e4b57206
SHA512

981ee7e83badea44d2d7bd618c55b809afa06b09823ec06d2cd083c7807b71ce6e003094c562a1a7a98e06149d85a7a446b016b7734a9cbeef974fb7010ddc45
SSDEEP

6144:lZIuRMMha4hib4j8jf51Qx7O6bcLehsEwkoK/6ERdFQJdlMu6lb/01apjbV6m8lL:lZ9RMMQx4ojf51aTcK0NEQUd0op3QlL

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  a74ffc3c4bb7a4f445c64b1b7b01536b7850537c8c3ecebbb7cbbd31e4b57206
- Size
  
  363KB
- MD5
  
  bf7f4892f5ba7a7d90ac1c9f7d2434c9
- SHA1
  
  83b7e6508988b4eda6b45e7b7f360c2298bebaa1
- SHA256
  
  a74ffc3c4bb7a4f445c64b1b7b01536b7850537c8c3ecebbb7cbbd31e4b57206
- SHA512
  
  981ee7e83badea44d2d7bd618c55b809afa06b09823ec06d2cd083c7807b71ce6e003094c562a1a7a98e06149d85a7a446b016b7734a9cbeef974fb7010ddc45
- SSDEEP
  
  6144:lZIuRMMha4hib4j8jf51Qx7O6bcLehsEwkoK/6ERdFQJdlMu6lb/01apjbV6m8lL:lZ9RMMQx4ojf51aTcK0NEQUd0op3QlL
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2