22a91cd87284c6c18b88d1d982dd7db966d0bd6be2f7a6dfb91c49214ea4d144 | Triage

Sharing

General

Target

bc1c9849df71615cc58527a606a40d0a
Size

384KB
Sample

240309-sh44qsaf63
MD5

bc1c9849df71615cc58527a606a40d0a
SHA1

0670dc99ee2735d52228743bcfbdde24eb2a503d
SHA256

22a91cd87284c6c18b88d1d982dd7db966d0bd6be2f7a6dfb91c49214ea4d144
SHA512

dba5b1eeb14143acee09dfe24435f0a973640cb61cdc49e7f97f8780b634de26088735b089c1f0fee5b76ffd6499fd591100830860c57a4c0c9dcebd1ae1de22
SSDEEP

6144:z2t62Rv55G5ke9MRs0On1SIFs7Bqwtj9kJ8c0IITjZ0N7/cYL9duz4hwOUu808Oy:uR5GdCs0O1BkBqwtjFc0fTjZOT59ozIM

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  bc1c9849df71615cc58527a606a40d0a
- Size
  
  384KB
- MD5
  
  bc1c9849df71615cc58527a606a40d0a
- SHA1
  
  0670dc99ee2735d52228743bcfbdde24eb2a503d
- SHA256
  
  22a91cd87284c6c18b88d1d982dd7db966d0bd6be2f7a6dfb91c49214ea4d144
- SHA512
  
  dba5b1eeb14143acee09dfe24435f0a973640cb61cdc49e7f97f8780b634de26088735b089c1f0fee5b76ffd6499fd591100830860c57a4c0c9dcebd1ae1de22
- SSDEEP
  
  6144:z2t62Rv55G5ke9MRs0On1SIFs7Bqwtj9kJ8c0IITjZ0N7/cYL9duz4hwOUu808Oy:uR5GdCs0O1BkBqwtjFc0fTjZOT59ozIM
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2