acd650f84e0d7014bac9c9450c1021c20b65fe64f5ed5ab4a61ff6d1b9f299b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acd650f84e0d7014bac9c9450c1021c20b65fe64f5ed5ab4a61ff6d1b9f299b4
Size

697KB
Sample

221128-jw468acg4z
MD5

1def8bd7d81b17614b3c602cfd4c1f39
SHA1

9f8490356215bc74f62d050ee0f12c97c8aae413
SHA256

acd650f84e0d7014bac9c9450c1021c20b65fe64f5ed5ab4a61ff6d1b9f299b4
SHA512

40c0e59a7f945f3961f4a7de1b18f719035be3bc1563841ca8ef721ddf15e51c84eeb5c9571ca0e1b5091b215cdab2bad1cc6a529bb2b1aaf2855345b36bc917
SSDEEP

12288:agmA1v7TFZVjAS7ePBjXSWSvTE+w0Pg5x6Sw7AY5uviMbYgyNEfVsVWkGa2oh:aggS+BjXS1vTC0PkUxDMYnEfVsVWkG

Score

8^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  acd650f84e0d7014bac9c9450c1021c20b65fe64f5ed5ab4a61ff6d1b9f299b4
- Size
  
  697KB
- MD5
  
  1def8bd7d81b17614b3c602cfd4c1f39
- SHA1
  
  9f8490356215bc74f62d050ee0f12c97c8aae413
- SHA256
  
  acd650f84e0d7014bac9c9450c1021c20b65fe64f5ed5ab4a61ff6d1b9f299b4
- SHA512
  
  40c0e59a7f945f3961f4a7de1b18f719035be3bc1563841ca8ef721ddf15e51c84eeb5c9571ca0e1b5091b215cdab2bad1cc6a529bb2b1aaf2855345b36bc917
- SSDEEP
  
  12288:agmA1v7TFZVjAS7ePBjXSWSvTE+w0Pg5x6Sw7AY5uviMbYgyNEfVsVWkGa2oh:aggS+BjXS1vTC0PkUxDMYnEfVsVWkG
Score

8^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan