f6d704409dab8eefcb3e767bd430a0f21f449772d263516282e3e8d5c2de324b | Triage

Sharing

General

Target

f6d704409dab8eefcb3e767bd430a0f21f449772d263516282e3e8d5c2de324b
Size

1.4MB
Sample

231101-xhydeadf27
MD5

208880d54eac8a653d4d775f4a83a6e1
SHA1

220615dc5c1f0056ac06f82982830ed6f7264a67
SHA256

f6d704409dab8eefcb3e767bd430a0f21f449772d263516282e3e8d5c2de324b
SHA512

4d186316b6c466992240f927af4768e5a22b14ba1c32e76faa4ff8cad82bef9f22d29cd16e2bf9c18fdb3b01a3578203a5b12080061d64cf3c34342dcff49bb2
SSDEEP

24576:My2tEkFHpHg3Hg25yJjvnXun2GXiJUimwdCmSrl98ur/Ml9SD1O03AZyMLzT:72XjHGHg2Ux+2GcUJwCmUlqqO9cmP

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  f6d704409dab8eefcb3e767bd430a0f21f449772d263516282e3e8d5c2de324b
- Size
  
  1.4MB
- MD5
  
  208880d54eac8a653d4d775f4a83a6e1
- SHA1
  
  220615dc5c1f0056ac06f82982830ed6f7264a67
- SHA256
  
  f6d704409dab8eefcb3e767bd430a0f21f449772d263516282e3e8d5c2de324b
- SHA512
  
  4d186316b6c466992240f927af4768e5a22b14ba1c32e76faa4ff8cad82bef9f22d29cd16e2bf9c18fdb3b01a3578203a5b12080061d64cf3c34342dcff49bb2
- SSDEEP
  
  24576:My2tEkFHpHg3Hg25yJjvnXun2GXiJUimwdCmSrl98ur/Ml9SD1O03AZyMLzT:72XjHGHg2Ux+2GcUJwCmUlqqO9cmP
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan