ea60123ec363610c8cfcd0ad5f0ab2832934af69a3c715020a09e6d907691d4c | Triage

Sharing

General

Target

7ev3n.zip
Size

139KB
Sample

230331-3q9z3aee37
MD5

c6f3d62c4fb57212172d358231e027bc
SHA1

11276d7a49093a51f04667975e718bb15bc1289b
SHA256

ea60123ec363610c8cfcd0ad5f0ab2832934af69a3c715020a09e6d907691d4c
SHA512

0f58acac541e6dece45949f4bee300e5bbb15ff1e60defe6b854ff4fb57579b18718b313bce425999d3f24319cfb3034cd05ebff0ecbd4c55ce42c7f59169b44
SSDEEP

3072:4JB/Rmo5VYvT/dQVB3gUm1lnjhvBzXL0x2vkRFd+OqpzdyG6osCvS8LS7:CF5VYDmVBhm1lnjhvBrLqHDydyLCqd

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  315KB
- MD5
  
  9f8bc96c96d43ecb69f883388d228754
- SHA1
  
  61ed25a706afa2f6684bb4d64f69c5fb29d20953
- SHA256
  
  7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5
- SHA512
  
  550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6
- SSDEEP
  
  6144:BswDdb2MemnBVlz0SoVbO4A6OA4Trl28TyT6llY1/I8cWJWlfTXv:BswRSslz0P1OdFXJlJ8buXv
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan