0286ac684a2a657681baff90fd6ac78563917d1d98728273e0acc49a60e14dec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0f1bd6117e909bd57dfadb3cb6548350_JC.exe
Size

549KB
Sample

231014-plyjksdh9t
MD5

0f1bd6117e909bd57dfadb3cb6548350
SHA1

a2ed73c1b5446c372c70718eed58e61de1addcdb
SHA256

0286ac684a2a657681baff90fd6ac78563917d1d98728273e0acc49a60e14dec
SHA512

d8cb4565aa23c12a27bd52b6034f665b33d5220bbd70715c8ab32b4f5844bf9ea7ccdf94214f156abc9b2deef3f5370937e930654420e8e92851c26a1df1fe04
SSDEEP

12288:OMrry90iOenEo7jPBFi6n70jq9ql+aLZl4HOvOqDen6:FylOeB7jpFigqoUG6

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  NEAS.0f1bd6117e909bd57dfadb3cb6548350_JC.exe
- Size
  
  549KB
- MD5
  
  0f1bd6117e909bd57dfadb3cb6548350
- SHA1
  
  a2ed73c1b5446c372c70718eed58e61de1addcdb
- SHA256
  
  0286ac684a2a657681baff90fd6ac78563917d1d98728273e0acc49a60e14dec
- SHA512
  
  d8cb4565aa23c12a27bd52b6034f665b33d5220bbd70715c8ab32b4f5844bf9ea7ccdf94214f156abc9b2deef3f5370937e930654420e8e92851c26a1df1fe04
- SSDEEP
  
  12288:OMrry90iOenEo7jPBFi6n70jq9ql+aLZl4HOvOqDen6:FylOeB7jpFigqoUG6
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan