20820c5dc97a9f59e8bf1e9ad42e35d4e137915084373ca1e14237d6728a5897 | Triage

Sharing

General

Target

20820c5dc97a9f59e8bf1e9ad42e35d4e137915084373ca1e14237d6728a5897
Size

877KB
Sample

231015-he8bwafa43
MD5

2178a80d58869faeea48ec3b08f8ce80
SHA1

d8eab57f1d1723341ffc9466f5c3b942635badab
SHA256

20820c5dc97a9f59e8bf1e9ad42e35d4e137915084373ca1e14237d6728a5897
SHA512

d8141ba361ddd1f8bd9895f3e79d2fce4209621d4bf9b446b4c982510b954aa12de0d0608ef720b9f52d04767b152c96adfa4705d2687efea83b2ba616ab1435
SSDEEP

24576:0yeyw/15Yvnm+UMrS2/hmh382KqDSeuSqDuxr3:Dnk15g5U+ThmhkqDwqxr

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  20820c5dc97a9f59e8bf1e9ad42e35d4e137915084373ca1e14237d6728a5897
- Size
  
  877KB
- MD5
  
  2178a80d58869faeea48ec3b08f8ce80
- SHA1
  
  d8eab57f1d1723341ffc9466f5c3b942635badab
- SHA256
  
  20820c5dc97a9f59e8bf1e9ad42e35d4e137915084373ca1e14237d6728a5897
- SHA512
  
  d8141ba361ddd1f8bd9895f3e79d2fce4209621d4bf9b446b4c982510b954aa12de0d0608ef720b9f52d04767b152c96adfa4705d2687efea83b2ba616ab1435
- SSDEEP
  
  24576:0yeyw/15Yvnm+UMrS2/hmh382KqDSeuSqDuxr3:Dnk15g5U+ThmhkqDwqxr
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan