c36b1d216e34ddd91f2611d0adc3781e676a03b89e39b0f98addc89d3c5b13c7 | Triage

Sharing

General

Target

c36b1d216e34ddd91f2611d0adc3781e676a03b89e39b0f98addc89d3c5b13c7.bin
Size

1.1MB
Sample

230505-x6gesshc55
MD5

4b55fbf2b55cbdc967a1ae18a7e0f2e9
SHA1

59010b2c1dac3fb799853e410bacac8801a121dd
SHA256

c36b1d216e34ddd91f2611d0adc3781e676a03b89e39b0f98addc89d3c5b13c7
SHA512

56e4a15aa9603062c436d9df70402bf81d85be338914ae8774d07c6066c3d818bcfcc179151a0035d4a4d753eceb465bceb3d15cd2b3c2e984617c78fbbeb319
SSDEEP

24576:kyKfsFpR2jKuDF/CPSQDaNmIg2tISvqegZ/e2TgNaw1:zKfsFz2j1/cSQDaNmIgrnEEWL

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  c36b1d216e34ddd91f2611d0adc3781e676a03b89e39b0f98addc89d3c5b13c7.bin
- Size
  
  1.1MB
- MD5
  
  4b55fbf2b55cbdc967a1ae18a7e0f2e9
- SHA1
  
  59010b2c1dac3fb799853e410bacac8801a121dd
- SHA256
  
  c36b1d216e34ddd91f2611d0adc3781e676a03b89e39b0f98addc89d3c5b13c7
- SHA512
  
  56e4a15aa9603062c436d9df70402bf81d85be338914ae8774d07c6066c3d818bcfcc179151a0035d4a4d753eceb465bceb3d15cd2b3c2e984617c78fbbeb319
- SSDEEP
  
  24576:kyKfsFpR2jKuDF/CPSQDaNmIg2tISvqegZ/e2TgNaw1:zKfsFz2j1/cSQDaNmIgrnEEWL
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan