4ffa4a112e32582fcb724f4feb263d935c7230b76031ac372a0a5c0a9bf36157 | Triage

Resubmissions

21-11-2023 07:01

231121-htfkeadf5s 8

Sharing

General

Target

Photo.Jpeg
Size

278KB
Sample

231121-htfkeadf5s
MD5

54fc0bbff5ede27bcf1e0c69e0f82285
SHA1

0150600a3a51beb27d20ec2f58edca7693050f12
SHA256

4ffa4a112e32582fcb724f4feb263d935c7230b76031ac372a0a5c0a9bf36157
SHA512

d68c339a3a5ba4fc973611872857de66f21405dcd50d53980e10f9f4724bf19151503f5a5b684fc15c8bbd9c777a8a0e1f20555061be524c1ac0eaff3e8829fd
SSDEEP

1536:l6pXKvd4afHosQrOyfgyVUJtAsHIA1dXBeyTw/B/6bF4pCw37uRfF618F7k7w/+Z:R+RotDqjGsU5GGFsU5zs

Score

8^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  Photo.Jpeg
- Size
  
  278KB
- MD5
  
  54fc0bbff5ede27bcf1e0c69e0f82285
- SHA1
  
  0150600a3a51beb27d20ec2f58edca7693050f12
- SHA256
  
  4ffa4a112e32582fcb724f4feb263d935c7230b76031ac372a0a5c0a9bf36157
- SHA512
  
  d68c339a3a5ba4fc973611872857de66f21405dcd50d53980e10f9f4724bf19151503f5a5b684fc15c8bbd9c777a8a0e1f20555061be524c1ac0eaff3e8829fd
- SSDEEP
  
  1536:l6pXKvd4afHosQrOyfgyVUJtAsHIA1dXBeyTw/B/6bF4pCw37uRfF618F7k7w/+Z:R+RotDqjGsU5GGFsU5zs
Score

8^/10

evasion persistence trojan
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojan