fb6a7532e6cba2c64fbdeaef9807bea891c52859f26e23ce339024f5e103b278 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6a7532e6cba2c64fbdeaef9807bea891c52859f26e23ce339024f5e103b278
Size

30KB
Sample

240419-v1trtsbd5x
MD5

dd5ab174670ff8062f83f363efcd691a
SHA1

e5a5adb4c865e3e231bd880435f6e425244b1271
SHA256

fb6a7532e6cba2c64fbdeaef9807bea891c52859f26e23ce339024f5e103b278
SHA512

f5aae5c4ae3961f24034d133a5281850d1dd5d67ffc9d6cd7e30890a406ae94798397ebe232612fd7f7459b27820d3fb9775cde0f58bfc7cf6a91f318f856194
SSDEEP

768:+XXThqcaDUiEfRHV0jIlaPM8Ft1IlITVb3yddhgUxwXoyT1C:+XtqcUUzHV0ZM8F+UVGFxwb1C

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  b33c768a9b6215733de13570a3049e4abaa787944d099bd8f93215df7abd5d43.exe
- Size
  
  60KB
- MD5
  
  b5b253c5683808fe9f186272f3261549
- SHA1
  
  8a2bf7d20a2eca35342cb5bd9ca59a4fc7119fa4
- SHA256
  
  b33c768a9b6215733de13570a3049e4abaa787944d099bd8f93215df7abd5d43
- SHA512
  
  d47161a87c9b7c51a513c83a2db6fbdb4ee27971f6f35f4217690a9f287eda1819c0f6bf7103df1ba6a90b25505be399d3a6b82765d842929f3ed78498b35980
- SSDEEP
  
  768:JiDt8/1YViYW2V02FQWL3ILtE79qwObQA+LjuHscot3umQM6IVTM2fuc:AKsn9FFQPtEhqFQASiHsL++Oc
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2