3416ea741c24a7e12d0a37e124a8acf016395e3fd67f1a02a34747695f96b22f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a12574f2d87cda760478635ea7c40f2c
Size

414KB
Sample

240224-gymzlsbf48
MD5

a12574f2d87cda760478635ea7c40f2c
SHA1

5bd5c4dc729a209c3f23019d941780cbd96c2f5d
SHA256

3416ea741c24a7e12d0a37e124a8acf016395e3fd67f1a02a34747695f96b22f
SHA512

ed5ba03a6fbb3666bf8f39b918ec84ccbdd4a4d2cc1676cb2eaa9a324f84b6dd0d2b26cd5154bee4adb633f8d6fd06d4e5bf3081f502d28a160641a8e3db4985
SSDEEP

12288:qngo1xkNkVhkkuK2Qtm98oQ8wUDXVzwl:ro1xCkPz2EG8opHlw

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  a12574f2d87cda760478635ea7c40f2c
- Size
  
  414KB
- MD5
  
  a12574f2d87cda760478635ea7c40f2c
- SHA1
  
  5bd5c4dc729a209c3f23019d941780cbd96c2f5d
- SHA256
  
  3416ea741c24a7e12d0a37e124a8acf016395e3fd67f1a02a34747695f96b22f
- SHA512
  
  ed5ba03a6fbb3666bf8f39b918ec84ccbdd4a4d2cc1676cb2eaa9a324f84b6dd0d2b26cd5154bee4adb633f8d6fd06d4e5bf3081f502d28a160641a8e3db4985
- SSDEEP
  
  12288:qngo1xkNkVhkkuK2Qtm98oQ8wUDXVzwl:ro1xCkPz2EG8opHlw
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2