b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95 | Triage

Submit
Reports

Overview

overview

Static

static

b3adf53eda...95.exe

windows7-x64

b3adf53eda...95.exe

windows10-2004-x64

Sharing

General

Target

b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95
Size

211KB
Sample

240405-aglxnaed6z
MD5

0a906cbedaa80549e3e0a8a3d1f09c17
SHA1

30468226717472118baa4ff4a010689c1401ded2
SHA256

b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95
SHA512

ea541d39434d5e246fa6c620531a975d33348fbca3aecb7fa212f6daf319b6b16a66719d78ae5a6c93b11bd7830b724c8d96a0638cf555bf4da7a72ebae97efa
SSDEEP

3072:hvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6u6G:hvEN2U+T6i5LirrllHy4HUcMQY6G

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95.exe

Resource

win7-20240221-en

evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95.exe

Resource

win10v2004-20231215-en

evasion persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95
- Size
  
  211KB
- MD5
  
  0a906cbedaa80549e3e0a8a3d1f09c17
- SHA1
  
  30468226717472118baa4ff4a010689c1401ded2
- SHA256
  
  b3adf53eda8f1593145e2b8e1d2f5f9d885fbd8b24ddc768c67746a44724ff95
- SHA512
  
  ea541d39434d5e246fa6c620531a975d33348fbca3aecb7fa212f6daf319b6b16a66719d78ae5a6c93b11bd7830b724c8d96a0638cf555bf4da7a72ebae97efa
- SSDEEP
  
  3072:hvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6u6G:hvEN2U+T6i5LirrllHy4HUcMQY6G
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables with modified PE resources using the unpaid version of Resource Tuner
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy