3d50c7ae50e4b4d100969a247d7198a867dd72dfb30e4e3ed81266c6f5d1ebd6 | Triage

Sharing

General

Target

90bd7960aeaf9f3a8007a7b66810ffa365e832a3849b832a31cd39886ff61b23.zip
Size

448KB
Sample

231013-rmxd1sad6v
MD5

48db1bbfb5c53f28c40933638e4cf7b2
SHA1

4be6cea717864fa8f1576266acc5be9aa0c36b35
SHA256

3d50c7ae50e4b4d100969a247d7198a867dd72dfb30e4e3ed81266c6f5d1ebd6
SHA512

676e5da0af65525a36a821a19c69ffea42519674d73215c57c4802c4c3bc02dc03ce4f7824a3cbb5c7f8e0dd9d57dcedc5f01e7a6ee62e0e00eb2592aea111fa
SSDEEP

12288:wPNUue6ZpYYVm03w05bPefeC17eKBgA0Herr8zvSHPIG:wajQqPCw05bRHA4o8zqvIG

Score

7^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888.exe
- Size
  
  912KB
- MD5
  
  d24b38a543bfbb715b93e9059a79ada5
- SHA1
  
  af4b41a4ddd99d866360160f755a5f55fc8f35f0
- SHA256
  
  c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888
- SHA512
  
  abceb1d12fc00678b63d2439341e04bdee65952230ebd6ba674d9a9b8b6fccea04fed1e4b9f1c8f2064c944b7f5b8d71749a7b2b343923d335a8bd03b5eb3830
- SSDEEP
  
  12288:v+YE32Q8n9FgCBT4jh0rOcazvLbzTq4TYSyPKcaTuxfa:vvEwnfg04jgaXbzG4TYS8KcR
Score

7^/10

evasion persistence trojan
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan