a139a3b8ae2b1c7f814f8cebb029de9647756bb490d57e77e67c8ca779bd81e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a139a3b8ae2b1c7f814f8cebb029de9647756bb490d57e77e67c8ca779bd81e6
Size

1.4MB
Sample

231012-wf2sdafb7v
MD5

16c6b57c5fd8d7d2a7c164bbe5fbdd4e
SHA1

0affd826939dd9213687c477f862f1392a4b5cc2
SHA256

a139a3b8ae2b1c7f814f8cebb029de9647756bb490d57e77e67c8ca779bd81e6
SHA512

ce5d009812a27f4565736d852d94d36b1b492ab493c126ebf6d4e9c445900cb4678f0591cf704c9b7025c3f6a5125133d2456e37b042b6cbe1ed3d4a431a3be7
SSDEEP

24576:PyY8ZgFpwP37zIvic+/+y9xlIcMAisOUoz8ZQVRsq3BFmawhfsLz87vLCK:akFijzsf+/+uxJ/5OFhRsq3/RLzSv2

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  a139a3b8ae2b1c7f814f8cebb029de9647756bb490d57e77e67c8ca779bd81e6
- Size
  
  1.4MB
- MD5
  
  16c6b57c5fd8d7d2a7c164bbe5fbdd4e
- SHA1
  
  0affd826939dd9213687c477f862f1392a4b5cc2
- SHA256
  
  a139a3b8ae2b1c7f814f8cebb029de9647756bb490d57e77e67c8ca779bd81e6
- SHA512
  
  ce5d009812a27f4565736d852d94d36b1b492ab493c126ebf6d4e9c445900cb4678f0591cf704c9b7025c3f6a5125133d2456e37b042b6cbe1ed3d4a431a3be7
- SSDEEP
  
  24576:PyY8ZgFpwP37zIvic+/+y9xlIcMAisOUoz8ZQVRsq3BFmawhfsLz87vLCK:akFijzsf+/+uxJ/5OFhRsq3/RLzSv2
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan