8ab80af10e8063f6b66e654349e917b51aad056982d04d96b2a630225e4e3f9d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

=).PNG
Size

65KB
Sample

240420-kbb6dadb5v
MD5

b1be33503e5d168d48399bdfc5ce1886
SHA1

c5f760e8e6ed4b38c4e52b71214b663863129e1b
SHA256

8ab80af10e8063f6b66e654349e917b51aad056982d04d96b2a630225e4e3f9d
SHA512

012d2731be324a9b9841cba73b6abbb06b760611aac5ccb4e0a992140a877d6f71d37d635101432a71cdf51bb9189a398e43aff49cc45f473c5af72158933088
SSDEEP

1536:55WXRIGcTewcWmYagCfWsgAYWXb/8c87xUVoF56MX5Jm5gz:LWXRXsKWmYUf7gDA/8V7xUu5P5Jm5Q

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  =).PNG
- Size
  
  65KB
- MD5
  
  b1be33503e5d168d48399bdfc5ce1886
- SHA1
  
  c5f760e8e6ed4b38c4e52b71214b663863129e1b
- SHA256
  
  8ab80af10e8063f6b66e654349e917b51aad056982d04d96b2a630225e4e3f9d
- SHA512
  
  012d2731be324a9b9841cba73b6abbb06b760611aac5ccb4e0a992140a877d6f71d37d635101432a71cdf51bb9189a398e43aff49cc45f473c5af72158933088
- SSDEEP
  
  1536:55WXRIGcTewcWmYagCfWsgAYWXb/8c87xUVoF56MX5Jm5gz:LWXRXsKWmYUf7gDA/8V7xUu5P5Jm5Q
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan