372048b1b438348ce8b990581b83bf775c4cea4f71d141b3441c50ea1eca14d6 | Triage

Sharing

General

Target

372048b1b438348ce8b990581b83bf775c4cea4f71d141b3441c50ea1eca14d6
Size

1.6MB
Sample

231104-pfqa1sbg75
MD5

5db0f4b2b31d5bc7a7dd8d050f45a0ef
SHA1

351b4517a418b2ae72c69411e695d5016d282639
SHA256

372048b1b438348ce8b990581b83bf775c4cea4f71d141b3441c50ea1eca14d6
SHA512

451b8589957ed06fdef1054d08274feb0734a23b90b35abdbb18939502005644d8de445cdac79deda054644c1eddaebeb480b7d346ddf757016ca3fb5d5892b6
SSDEEP

49152:dmwAdoo5CVM9yO8ZBySmVb53ELh7BfsDK:o9d++L8Z4B/3ELhZsDK

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  372048b1b438348ce8b990581b83bf775c4cea4f71d141b3441c50ea1eca14d6
- Size
  
  1.6MB
- MD5
  
  5db0f4b2b31d5bc7a7dd8d050f45a0ef
- SHA1
  
  351b4517a418b2ae72c69411e695d5016d282639
- SHA256
  
  372048b1b438348ce8b990581b83bf775c4cea4f71d141b3441c50ea1eca14d6
- SHA512
  
  451b8589957ed06fdef1054d08274feb0734a23b90b35abdbb18939502005644d8de445cdac79deda054644c1eddaebeb480b7d346ddf757016ca3fb5d5892b6
- SSDEEP
  
  49152:dmwAdoo5CVM9yO8ZBySmVb53ELh7BfsDK:o9d++L8Z4B/3ELhZsDK
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan