a3787d1e7c003d843f375b411d66eddcd371ece6c4ad795b8c6207a47c8a4d18 | Triage

Sharing

General

Target

a3787d1e7c003d843f375b411d66eddcd371ece6c4ad795b8c6207a47c8a4d18
Size

1.8MB
Sample

231006-ldm64aad3y
MD5

fdb81886ae7c656822136d957db873a4
SHA1

b102d88e64e3e6df1a1da415e0d9f490ba160820
SHA256

a3787d1e7c003d843f375b411d66eddcd371ece6c4ad795b8c6207a47c8a4d18
SHA512

bd6e7c834d4d9b4bf9fe36283fb433897774d7ed4dd43276942c0ab4ef14f7c1924c18ee7d323adf75e3bbc0fcddc4d3067bbb38e0ac721d1703650cc9cf5e52
SSDEEP

49152:2mgjMzHehaTQvMlY2f77KE9SfJLTfyth:9lMJeD7t9sy7

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  a3787d1e7c003d843f375b411d66eddcd371ece6c4ad795b8c6207a47c8a4d18
- Size
  
  1.8MB
- MD5
  
  fdb81886ae7c656822136d957db873a4
- SHA1
  
  b102d88e64e3e6df1a1da415e0d9f490ba160820
- SHA256
  
  a3787d1e7c003d843f375b411d66eddcd371ece6c4ad795b8c6207a47c8a4d18
- SHA512
  
  bd6e7c834d4d9b4bf9fe36283fb433897774d7ed4dd43276942c0ab4ef14f7c1924c18ee7d323adf75e3bbc0fcddc4d3067bbb38e0ac721d1703650cc9cf5e52
- SSDEEP
  
  49152:2mgjMzHehaTQvMlY2f77KE9SfJLTfyth:9lMJeD7t9sy7
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan