77f03b6e7ff483c1e4e156f1279a0d3d788494968917f6f947505b762dcb12d5 | Triage

Sharing

General

Target

29ec600836346c641b153f753ed721fa
Size

503KB
Sample

231225-s3j93abba7
MD5

29ec600836346c641b153f753ed721fa
SHA1

1491d34b229bf06de9c791e6b28eb91d13e542e2
SHA256

77f03b6e7ff483c1e4e156f1279a0d3d788494968917f6f947505b762dcb12d5
SHA512

b32231ada19d28829063b72e21f16fb42c2711a61ddaf3eaf804dcb236384528d5a95587cf77363804b1e4ffdf99e25b83d02d1d0225e1bd2c05151daa904f94
SSDEEP

12288:yc+qifEn16C7bFZr8nnnImLkBlTAHDOR96Btb1:12EF7Jl8ImRjORWb

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  29ec600836346c641b153f753ed721fa
- Size
  
  503KB
- MD5
  
  29ec600836346c641b153f753ed721fa
- SHA1
  
  1491d34b229bf06de9c791e6b28eb91d13e542e2
- SHA256
  
  77f03b6e7ff483c1e4e156f1279a0d3d788494968917f6f947505b762dcb12d5
- SHA512
  
  b32231ada19d28829063b72e21f16fb42c2711a61ddaf3eaf804dcb236384528d5a95587cf77363804b1e4ffdf99e25b83d02d1d0225e1bd2c05151daa904f94
- SSDEEP
  
  12288:yc+qifEn16C7bFZr8nnnImLkBlTAHDOR96Btb1:12EF7Jl8ImRjORWb
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2