635ff967e4b35b958a7d85141dbd6ac4c6bc6c09cd99c274b1a7e3d9fc673ce3 | Triage

Sharing

General

Target

589a084f657e117cad51098efecc4396
Size

705KB
Sample

240113-ln791sgfd4
MD5

589a084f657e117cad51098efecc4396
SHA1

d3aba924226f16489714ff82818f0ca72edcdd99
SHA256

635ff967e4b35b958a7d85141dbd6ac4c6bc6c09cd99c274b1a7e3d9fc673ce3
SHA512

18570d3b379572d9a801ca269d4bacb65f52e66a60bfcab6955d546d89841d74fbf30be5322db47675ae783670d2dc5fec1245e1889094aad884c1e1715be111
SSDEEP

12288:NDJnJM4OpSpnO8kTflYcS4RaEnam/OJMe/bGQJ3by53Y9:1JnJM4OqTW95SYaix/OJb/bl3e5I9

Score

8^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  589a084f657e117cad51098efecc4396
- Size
  
  705KB
- MD5
  
  589a084f657e117cad51098efecc4396
- SHA1
  
  d3aba924226f16489714ff82818f0ca72edcdd99
- SHA256
  
  635ff967e4b35b958a7d85141dbd6ac4c6bc6c09cd99c274b1a7e3d9fc673ce3
- SHA512
  
  18570d3b379572d9a801ca269d4bacb65f52e66a60bfcab6955d546d89841d74fbf30be5322db47675ae783670d2dc5fec1245e1889094aad884c1e1715be111
- SSDEEP
  
  12288:NDJnJM4OpSpnO8kTflYcS4RaEnam/OJMe/bGQJ3by53Y9:1JnJM4OqTW95SYaix/OJb/bl3e5I9
Score

8^/10

discovery evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasiontrojan