c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b | Triage

Resubmissions

11-02-2024 20:27

240211-y8tnksdb78 10

11-02-2024 20:21

240211-y5dg7abb61 6

11-02-2024 20:11

240211-yymsaada97 6

11-02-2024 20:06

240211-yvk5aaba9v 6

11-02-2024 19:54

240211-ym1vrsda45 10

Sharing

General

Target

winrar-x64-624es.exe
Size

3.5MB
Sample

240211-ym1vrsda45
MD5

1da8374156fc6492f06828e55ea4dc13
SHA1

4923d045851434d65ce7c56b7e1bd73a08fc2305
SHA256

c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b
SHA512

445392ffca842263310d0f4b8371e0bfd6bcb40d9e846d645c73616b252315b0603d7e538d9e5415028c35f747989da5c14566cf356860304e889ae7f12565d2
SSDEEP

98304:jwBOBfKqQ0K1MTXtbysMqIpmCcBQz/J6+14CeZx1kR7:jw/qQv1MTXhysMs1BQnG1G

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  winrar-x64-624es.exe
- Size
  
  3.5MB
- MD5
  
  1da8374156fc6492f06828e55ea4dc13
- SHA1
  
  4923d045851434d65ce7c56b7e1bd73a08fc2305
- SHA256
  
  c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b
- SHA512
  
  445392ffca842263310d0f4b8371e0bfd6bcb40d9e846d645c73616b252315b0603d7e538d9e5415028c35f747989da5c14566cf356860304e889ae7f12565d2
- SSDEEP
  
  98304:jwBOBfKqQ0K1MTXtbysMqIpmCcBQz/J6+14CeZx1kR7:jw/qQv1MTXhysMs1BQnG1G
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Modifies WinLogon for persistence
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan