5499057b4ea8ed5ab4450041424d2d94021633569b622df6fd650d52a8bc64b2 | Triage

Sharing

General

Target

7fc2ff02be2acac7569c317fd03f3212
Size

392KB
Sample

240129-nywebaafan
MD5

7fc2ff02be2acac7569c317fd03f3212
SHA1

00046ed6218a02c9a65b68d813be297cb2a7db5b
SHA256

5499057b4ea8ed5ab4450041424d2d94021633569b622df6fd650d52a8bc64b2
SHA512

d83901d79c5200d0ffa74063b1979dbeca123ca70055667ea7f2c5720551f15cfe75a7fd1b50314712ad32059238fc03bcee55fd212bb8f4f5a16feccd15b2be
SSDEEP

12288:SCEGGmLdw5YRXnFb4iiXJo/VqiGFIG2oNwe8:DEGGEdwORVb4iiX2tzGyG2or8

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  7fc2ff02be2acac7569c317fd03f3212
- Size
  
  392KB
- MD5
  
  7fc2ff02be2acac7569c317fd03f3212
- SHA1
  
  00046ed6218a02c9a65b68d813be297cb2a7db5b
- SHA256
  
  5499057b4ea8ed5ab4450041424d2d94021633569b622df6fd650d52a8bc64b2
- SHA512
  
  d83901d79c5200d0ffa74063b1979dbeca123ca70055667ea7f2c5720551f15cfe75a7fd1b50314712ad32059238fc03bcee55fd212bb8f4f5a16feccd15b2be
- SSDEEP
  
  12288:SCEGGmLdw5YRXnFb4iiXJo/VqiGFIG2oNwe8:DEGGEdwORVb4iiX2tzGyG2or8
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2