ed85383070a7d0811bea2aadc85bd086a55da944baccfe1a485e9704d3c3544d | Triage

Sharing

General

Target

file.exe
Size

876KB
Sample

231015-a24m7sed78
MD5

654fb3e0e40ba59b5efd8e2cf8cffbf1
SHA1

cae47170637cc2813608f5b80eae9e24f3e94e8f
SHA256

ed85383070a7d0811bea2aadc85bd086a55da944baccfe1a485e9704d3c3544d
SHA512

7526cb5ca6dcea61fe7e5d2a2ca75909eae1cd420bf16c4f239117a05d387af2213b0059fb711a46a6d1009c0ad6828996f721dbd76266e8aa249e1334d0c355
SSDEEP

12288:LMrLy90i0k5p/j9o0O8mBqK+Fq6A/FzAaOCSxM6X2Ja1fNaGDdJ20+ktoIlLqy3+:Qy3dTtWz8EFztmaqi0+ktoIlT3NwsPc

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  876KB
- MD5
  
  654fb3e0e40ba59b5efd8e2cf8cffbf1
- SHA1
  
  cae47170637cc2813608f5b80eae9e24f3e94e8f
- SHA256
  
  ed85383070a7d0811bea2aadc85bd086a55da944baccfe1a485e9704d3c3544d
- SHA512
  
  7526cb5ca6dcea61fe7e5d2a2ca75909eae1cd420bf16c4f239117a05d387af2213b0059fb711a46a6d1009c0ad6828996f721dbd76266e8aa249e1334d0c355
- SSDEEP
  
  12288:LMrLy90i0k5p/j9o0O8mBqK+Fq6A/FzAaOCSxM6X2Ja1fNaGDdJ20+ktoIlLqy3+:Qy3dTtWz8EFztmaqi0+ktoIlT3NwsPc
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan