391924406914b94c0f193f7aee8fca4e9d7fd6116773be6b84553cc97d6fb0e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

391924406914b94c0f193f7aee8fca4e9d7fd6116773be6b84553cc97d6fb0e9.bin
Size

1.1MB
Sample

230506-z8dg2ahg4v
MD5

82906cc5a1637ee5ca9f6ca614838e84
SHA1

6fd64bc3d744f4b67d46d3ce1a4556616f41923a
SHA256

391924406914b94c0f193f7aee8fca4e9d7fd6116773be6b84553cc97d6fb0e9
SHA512

eb877967d76ecfd3e86b0e7fd4445fd82a47d7b072b1db4a11d36a1590c1a5fa9592f4adcef650a5d482d4113f64d8b039e38690410cb6966a81cbf31cc0d4f1
SSDEEP

24576:9yJX6tk33pPv57SGDcI+CWtviOZBE2yjWLmeVV66+w:YJXP3557S/IPW9B2jWquk

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  391924406914b94c0f193f7aee8fca4e9d7fd6116773be6b84553cc97d6fb0e9.bin
- Size
  
  1.1MB
- MD5
  
  82906cc5a1637ee5ca9f6ca614838e84
- SHA1
  
  6fd64bc3d744f4b67d46d3ce1a4556616f41923a
- SHA256
  
  391924406914b94c0f193f7aee8fca4e9d7fd6116773be6b84553cc97d6fb0e9
- SHA512
  
  eb877967d76ecfd3e86b0e7fd4445fd82a47d7b072b1db4a11d36a1590c1a5fa9592f4adcef650a5d482d4113f64d8b039e38690410cb6966a81cbf31cc0d4f1
- SSDEEP
  
  24576:9yJX6tk33pPv57SGDcI+CWtviOZBE2yjWLmeVV66+w:YJXP3557S/IPW9B2jWquk
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan