511eaa288ccc82e406b899ddc58c94e256b038cf7b1aefbc9061caee9cd72265 | Triage

Sharing

General

Target

4ae75f779b27d95d33d9d1611a929f91ccfd8b99
Size

432KB
Sample

230110-cnpm8shd87
MD5

1b018d2a6ad00bbb0234c70ebecc5f01
SHA1

4ae75f779b27d95d33d9d1611a929f91ccfd8b99
SHA256

511eaa288ccc82e406b899ddc58c94e256b038cf7b1aefbc9061caee9cd72265
SHA512

3b5122dda3ab994bee136f2878c7d283e9d1ea96ff7afe67f905e7fc5b55090a248431d5ae34084e184184bcf49066859920959112bd864d09eabac9bffac79c
SSDEEP

6144:8yiMagk06qtnhKZ53rw9mN7bTlPPfewOZwMUQS1GTMNxsFTmekZaGemyLf97IlO3:8yiq6qRYv3rpQIQkGINxsQ5mSr

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  4ae75f779b27d95d33d9d1611a929f91ccfd8b99
- Size
  
  432KB
- MD5
  
  1b018d2a6ad00bbb0234c70ebecc5f01
- SHA1
  
  4ae75f779b27d95d33d9d1611a929f91ccfd8b99
- SHA256
  
  511eaa288ccc82e406b899ddc58c94e256b038cf7b1aefbc9061caee9cd72265
- SHA512
  
  3b5122dda3ab994bee136f2878c7d283e9d1ea96ff7afe67f905e7fc5b55090a248431d5ae34084e184184bcf49066859920959112bd864d09eabac9bffac79c
- SSDEEP
  
  6144:8yiMagk06qtnhKZ53rw9mN7bTlPPfewOZwMUQS1GTMNxsFTmekZaGemyLf97IlO3:8yiq6qRYv3rpQIQkGINxsQ5mSr
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2