4e6bad1b5cc7f890558bc3ff6c2e3939eb36371b6975ff3585151c6607dd25c7 | Triage

Sharing

General

Target

90bd7960aeaf9f3a8007a7b66810ffa365e832a3849b832a31cd39886ff61b23.zip
Size

448KB
Sample

231119-2brz9scc48
MD5

32d57681adb5106118bab187ba33a81a
SHA1

ac35d4b967c21d73877780e6039a7417c93e41b6
SHA256

4e6bad1b5cc7f890558bc3ff6c2e3939eb36371b6975ff3585151c6607dd25c7
SHA512

d2223a681437f14ef5864c131b3edce300613a64e1bc36eee0448413f572f27b53f378253923b6d12eaebcfd4ae69d28cf2ec48fcca8287f9540e6058e0885d0
SSDEEP

12288:I8jvtvI2Z6KL0JPouDQnbJq4dmVeRfRT+ZGt3LDb:IXtKyPowmo0eWz

Score

7^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888.exe
- Size
  
  912KB
- MD5
  
  d24b38a543bfbb715b93e9059a79ada5
- SHA1
  
  af4b41a4ddd99d866360160f755a5f55fc8f35f0
- SHA256
  
  c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888
- SHA512
  
  abceb1d12fc00678b63d2439341e04bdee65952230ebd6ba674d9a9b8b6fccea04fed1e4b9f1c8f2064c944b7f5b8d71749a7b2b343923d335a8bd03b5eb3830
- SSDEEP
  
  12288:v+YE32Q8n9FgCBT4jh0rOcazvLbzTq4TYSyPKcaTuxfa:vvEwnfg04jgaXbzG4TYS8KcR
Score

7^/10

evasion persistence trojan
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan