3c2ada8704508c3b60b26ff97dac350eefc7902ed6ab3c430d413f2333e9acfa | Triage

Sharing

General

Target

3c2ada8704508c3b60b26ff97dac350eefc7902ed6ab3c430d413f2333e9acfa
Size

1.8MB
Sample

231004-phmmxadf36
MD5

e7d050576a5b6e710198b6a55c6db85d
SHA1

aed3bf7d37a6d2efcd1e32c63a6045e331b34ecb
SHA256

3c2ada8704508c3b60b26ff97dac350eefc7902ed6ab3c430d413f2333e9acfa
SHA512

2a0fdfe6abe50ed7a6b0fa5ca358a0003da6f7fb992c3b65d7a4dd71d51b8d0a697c6718891cd4d93c82941e7144633939ad6ac95c659d15c43f61c38e54a8a2
SSDEEP

49152:LIJSkiB6EAVkIpgPEAAtGZtG5MgGGpVyAKJ0PCa:MXiwvLFAbt2MidNC

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  3c2ada8704508c3b60b26ff97dac350eefc7902ed6ab3c430d413f2333e9acfa
- Size
  
  1.8MB
- MD5
  
  e7d050576a5b6e710198b6a55c6db85d
- SHA1
  
  aed3bf7d37a6d2efcd1e32c63a6045e331b34ecb
- SHA256
  
  3c2ada8704508c3b60b26ff97dac350eefc7902ed6ab3c430d413f2333e9acfa
- SHA512
  
  2a0fdfe6abe50ed7a6b0fa5ca358a0003da6f7fb992c3b65d7a4dd71d51b8d0a697c6718891cd4d93c82941e7144633939ad6ac95c659d15c43f61c38e54a8a2
- SSDEEP
  
  49152:LIJSkiB6EAVkIpgPEAAtGZtG5MgGGpVyAKJ0PCa:MXiwvLFAbt2MidNC
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan