a26ccd5c6f8a5857b8855360a5139ce2143741aec9c8c729f845578143dcbd29 | Triage

Sharing

General

Target

a26ccd5c6f8a5857b8855360a5139ce2143741aec9c8c729f845578143dcbd29
Size

1.8MB
Sample

231005-st8w3adh75
MD5

d497e2f41cf38ad130416dbffc63ad93
SHA1

a75f3b6522e9d9eefcb75ad95b39d09552cef3c8
SHA256

a26ccd5c6f8a5857b8855360a5139ce2143741aec9c8c729f845578143dcbd29
SHA512

b3fff015ca56888db4119ad3702943681ec1d90ed40121aedfd2ad7455a52dbc0b50c2c814695fc6a60b2e3f580e98054b6019a3f62afbdf939067fa9a3da3f8
SSDEEP

49152:gSxmRHwkFWs6oSq77CJhS+vELUIYjSe+9+AVnxkKPhdGuiXe:9UWsnSuW/HvEIT+9+AVOKPXGA

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  a26ccd5c6f8a5857b8855360a5139ce2143741aec9c8c729f845578143dcbd29
- Size
  
  1.8MB
- MD5
  
  d497e2f41cf38ad130416dbffc63ad93
- SHA1
  
  a75f3b6522e9d9eefcb75ad95b39d09552cef3c8
- SHA256
  
  a26ccd5c6f8a5857b8855360a5139ce2143741aec9c8c729f845578143dcbd29
- SHA512
  
  b3fff015ca56888db4119ad3702943681ec1d90ed40121aedfd2ad7455a52dbc0b50c2c814695fc6a60b2e3f580e98054b6019a3f62afbdf939067fa9a3da3f8
- SSDEEP
  
  49152:gSxmRHwkFWs6oSq77CJhS+vELUIYjSe+9+AVnxkKPhdGuiXe:9UWsnSuW/HvEIT+9+AVOKPXGA
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan