80a7dbee8158a3b6fde39bceceec0635c414145c069852a9047d06c124361d6d | Triage

Sharing

General

Target

80a7dbee8158a3b6fde39bceceec0635c414145c069852a9047d06c124361d6d
Size

2.1MB
Sample

240229-kxw3nsca8y
MD5

36883a998e16240311949a43f5c1ecb7
SHA1

50edc4c84eb8c15ab1653433700fce86af60f0b0
SHA256

80a7dbee8158a3b6fde39bceceec0635c414145c069852a9047d06c124361d6d
SHA512

c9321e31756ff0e2d4ff115293a4e44399ef8fcde3a470e0d7e989f107776a1d6c383f12815ea19d57820d39e94e4bbb40deae5d695ec5fa4e2d055fb59d95a0
SSDEEP

49152:MwdhBkGMb18MLjRkRl+2HxYc0vFuvNX/oj6nPtI:MwdhBkGMb188jaz+2RY

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  80a7dbee8158a3b6fde39bceceec0635c414145c069852a9047d06c124361d6d
- Size
  
  2.1MB
- MD5
  
  36883a998e16240311949a43f5c1ecb7
- SHA1
  
  50edc4c84eb8c15ab1653433700fce86af60f0b0
- SHA256
  
  80a7dbee8158a3b6fde39bceceec0635c414145c069852a9047d06c124361d6d
- SHA512
  
  c9321e31756ff0e2d4ff115293a4e44399ef8fcde3a470e0d7e989f107776a1d6c383f12815ea19d57820d39e94e4bbb40deae5d695ec5fa4e2d055fb59d95a0
- SSDEEP
  
  49152:MwdhBkGMb18MLjRkRl+2HxYc0vFuvNX/oj6nPtI:MwdhBkGMb188jaz+2RY
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan