41f7e0470500869ec08f02dc15c617530366c87b2e9b88d737a4cc6da8b3f6ec | Triage

Sharing

General

Target

41f7e0470500869ec08f02dc15c617530366c87b2e9b88d737a4cc6da8b3f6ec
Size

1.7MB
Sample

231006-hphh7she8v
MD5

ade24d5fe9103f8d5bc932ac9e5a1b12
SHA1

e7126cf193a5ed3bef181a573789254f258c84bc
SHA256

41f7e0470500869ec08f02dc15c617530366c87b2e9b88d737a4cc6da8b3f6ec
SHA512

14e473f1da2b23f41dd1e0766ee59147506a25ecdb4fd2a62df0eabfcaf740bc8eda7cdf959dcd257657abcc42c9cb69c57bba0da04fc17204822296db2f794d
SSDEEP

49152:bhP+rwhDFCux5lCfVvMcA1v5Z0P3ohJYghZrM:tP+EhDF/DwcGP3oQghV

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  41f7e0470500869ec08f02dc15c617530366c87b2e9b88d737a4cc6da8b3f6ec
- Size
  
  1.7MB
- MD5
  
  ade24d5fe9103f8d5bc932ac9e5a1b12
- SHA1
  
  e7126cf193a5ed3bef181a573789254f258c84bc
- SHA256
  
  41f7e0470500869ec08f02dc15c617530366c87b2e9b88d737a4cc6da8b3f6ec
- SHA512
  
  14e473f1da2b23f41dd1e0766ee59147506a25ecdb4fd2a62df0eabfcaf740bc8eda7cdf959dcd257657abcc42c9cb69c57bba0da04fc17204822296db2f794d
- SSDEEP
  
  49152:bhP+rwhDFCux5lCfVvMcA1v5Z0P3ohJYghZrM:tP+EhDF/DwcGP3oQghV
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan