e3aff9ac7fffd61ce96b4fc9243af33e563686d18f1feea3b2322239311ba3b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3aff9ac7fffd61ce96b4fc9243af33e563686d18f1feea3b2322239311ba3b1.bin
Size

1.1MB
Sample

230501-xjd16aga3w
MD5

b049d65850ca8cab2e3744e35cbd38f7
SHA1

59374c7b08321373d1d62f2ebf88200787f6ddf0
SHA256

e3aff9ac7fffd61ce96b4fc9243af33e563686d18f1feea3b2322239311ba3b1
SHA512

395d207d53eeea52f759eadf78d575ed17aaa9baa4b024cef3b78f2afda890bcdc2a15d5112dc02d9602b7abaa93f601dc27451076e343a35fc2c2244d30b9b0
SSDEEP

24576:Qyhc7JLZq1Ae3HkzqDhca7PQM+mGdjH/meZMrxNY:XhBA8cqDqabQbzjHu1P

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  e3aff9ac7fffd61ce96b4fc9243af33e563686d18f1feea3b2322239311ba3b1.bin
- Size
  
  1.1MB
- MD5
  
  b049d65850ca8cab2e3744e35cbd38f7
- SHA1
  
  59374c7b08321373d1d62f2ebf88200787f6ddf0
- SHA256
  
  e3aff9ac7fffd61ce96b4fc9243af33e563686d18f1feea3b2322239311ba3b1
- SHA512
  
  395d207d53eeea52f759eadf78d575ed17aaa9baa4b024cef3b78f2afda890bcdc2a15d5112dc02d9602b7abaa93f601dc27451076e343a35fc2c2244d30b9b0
- SSDEEP
  
  24576:Qyhc7JLZq1Ae3HkzqDhca7PQM+mGdjH/meZMrxNY:XhBA8cqDqabQbzjHu1P
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan