df0469132cfa03455c1e09709e74c94c2ce1ee31db2c5aed3e55e9609eb03863 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df0469132cfa03455c1e09709e74c94c2ce1ee31db2c5aed3e55e9609eb03863.bin
Size

1.1MB
Sample

230501-xffetadh63
MD5

56ad8f7ef4769cc063c9a948e4d352ca
SHA1

7cc9c6803b5eac6a832529d0ada5c2581f684ce0
SHA256

df0469132cfa03455c1e09709e74c94c2ce1ee31db2c5aed3e55e9609eb03863
SHA512

683cfb8f5244c903cbaa3e04d3ed4492dda26bd5a85b5eb1d1b706da17b08bd29347b473d12758cf9adc5e54b4a8c45667c1d9f2d77ee9fff347b987d0d9dea4
SSDEEP

24576:zywxfwArc96k1us8VeaoJ5eiawfibDzkDbZv:Gwf3ANZ6ea05uwKPzs

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  df0469132cfa03455c1e09709e74c94c2ce1ee31db2c5aed3e55e9609eb03863.bin
- Size
  
  1.1MB
- MD5
  
  56ad8f7ef4769cc063c9a948e4d352ca
- SHA1
  
  7cc9c6803b5eac6a832529d0ada5c2581f684ce0
- SHA256
  
  df0469132cfa03455c1e09709e74c94c2ce1ee31db2c5aed3e55e9609eb03863
- SHA512
  
  683cfb8f5244c903cbaa3e04d3ed4492dda26bd5a85b5eb1d1b706da17b08bd29347b473d12758cf9adc5e54b4a8c45667c1d9f2d77ee9fff347b987d0d9dea4
- SSDEEP
  
  24576:zywxfwArc96k1us8VeaoJ5eiawfibDzkDbZv:Gwf3ANZ6ea05uwKPzs
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan