875acc02acd3a639781675dc82c3aaaf9707370189ce92044cea2cc74ff28ea9 | Triage

Sharing

General

Target

875acc02acd3a639781675dc82c3aaaf9707370189ce92044cea2cc74ff28ea9
Size

1.5MB
Sample

231004-nm62nsdb66
MD5

8bb20d4e09b3344eac08ad66691c6770
SHA1

e033c261a034083ce3376445f87cf829a512779d
SHA256

875acc02acd3a639781675dc82c3aaaf9707370189ce92044cea2cc74ff28ea9
SHA512

91cb117de385e9ec39a286c67c4d35bc2149d7407a277d45e87742cd8cd234db5f9582e268fa582ae2df54cc1e6e89882092f36c4100390e63841f0459d47572
SSDEEP

49152:SQGDTF1z6XT1NDuAOQpOUTQ4CXH8YNq+:/G91OXDDuA7phs4CsH

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  875acc02acd3a639781675dc82c3aaaf9707370189ce92044cea2cc74ff28ea9
- Size
  
  1.5MB
- MD5
  
  8bb20d4e09b3344eac08ad66691c6770
- SHA1
  
  e033c261a034083ce3376445f87cf829a512779d
- SHA256
  
  875acc02acd3a639781675dc82c3aaaf9707370189ce92044cea2cc74ff28ea9
- SHA512
  
  91cb117de385e9ec39a286c67c4d35bc2149d7407a277d45e87742cd8cd234db5f9582e268fa582ae2df54cc1e6e89882092f36c4100390e63841f0459d47572
- SSDEEP
  
  49152:SQGDTF1z6XT1NDuAOQpOUTQ4CXH8YNq+:/G91OXDDuA7phs4CsH
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan