be9885913c63b467e102d7650841bd56dc038e4d347c7823fe78c8205917cc2d | Triage

Resubmissions

06/05/2023, 03:34

230506-d4318sab4x 8

06/05/2023, 03:31

230506-d24jzsfh36 10

06/05/2023, 03:27

230506-dz82paab2z 10

06/05/2023, 03:16

230506-dsqlrsaa71 10

Sharing

General

Target

c6326212f846c43fd017ae3ecd6e7f4d.bin
Size

1.2MB
Sample

230506-d24jzsfh36
MD5

5157ebad8df6f3718ec9f9902b276f17
SHA1

dc5a3e79bdf99628eec9eba696e75e370502846b
SHA256

be9885913c63b467e102d7650841bd56dc038e4d347c7823fe78c8205917cc2d
SHA512

32d4cb12b9fd72fcda1f23782da5c4baf70b43663ef456a3bc959a27ccb382b1a5baeb9fe224b7f9bbb4ce184bbd308e69c309535a97e61a48f4b58f9517e265
SSDEEP

24576:pz6oYtbFzhY6pMywRLaXw1hPZZVuHgPoY5W:p2oWdY6pMywdaOP2gQR

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  00f0216950a0e1670937a7e76d2328226792363edc980aedda2de8722ace0896.exe
- Size
  
  1.3MB
- MD5
  
  c6326212f846c43fd017ae3ecd6e7f4d
- SHA1
  
  c92d9d6a4df83cd701ab170209a3af9d381ca928
- SHA256
  
  00f0216950a0e1670937a7e76d2328226792363edc980aedda2de8722ace0896
- SHA512
  
  fd0d59818687ecebec17820d63bcb61c0e0a4a5253899439e311e0f431234abf22f22cfc88de7801e5c5d95392b9da1e331bf43cfc15a406381fb4b02cbb6268
- SSDEEP
  
  24576:1yV1s8yRxwV7JGccW9Uan8Ax+dAuQ52W0oIw0A8IZ:Q3s8yRUJGccYUa/yV8x0oIwE
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan