e85b490ae2b0d55ab4e8abcc41f06597bae2588d339640c0f9e11ad65a8012b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e85b490ae2b0d55ab4e8abcc41f06597bae2588d339640c0f9e11ad65a8012b6
Size

96KB
Sample

221203-zdfc5sgh3z
MD5

18e6370a84aec2e649bec006772fb5ef
SHA1

064710ed66c090048821adbb5f946ec2a13214d3
SHA256

e85b490ae2b0d55ab4e8abcc41f06597bae2588d339640c0f9e11ad65a8012b6
SHA512

3a244c6a2331850f2ddd6cba5551d3207aaa68c0e6c6426a9d378f9e059814a0b53227efe3729b801bb08369ec3f0c57f9839e5c397ce24a144f318009fbedad
SSDEEP

1536:40Qqnnu9gAx7mkE+oKi8vkptLAOz8lW6:+l9gx1JKBkptEO+W

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  e85b490ae2b0d55ab4e8abcc41f06597bae2588d339640c0f9e11ad65a8012b6
- Size
  
  96KB
- MD5
  
  18e6370a84aec2e649bec006772fb5ef
- SHA1
  
  064710ed66c090048821adbb5f946ec2a13214d3
- SHA256
  
  e85b490ae2b0d55ab4e8abcc41f06597bae2588d339640c0f9e11ad65a8012b6
- SHA512
  
  3a244c6a2331850f2ddd6cba5551d3207aaa68c0e6c6426a9d378f9e059814a0b53227efe3729b801bb08369ec3f0c57f9839e5c397ce24a144f318009fbedad
- SSDEEP
  
  1536:40Qqnnu9gAx7mkE+oKi8vkptLAOz8lW6:+l9gx1JKBkptEO+W
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan