846bd99cdbd9b319eb473a6079e507ed29f990d4d32d3919d954fc1f8ed12647 | Triage

Sharing

General

Target

7b4a3b34a467f397a7f393d093d1f8a9_NEAS
Size

71KB
Sample

240508-rmnf4sgf31
MD5

7b4a3b34a467f397a7f393d093d1f8a9
SHA1

343dbbf83fb2381e4241ec827ae25fcc29d2c805
SHA256

846bd99cdbd9b319eb473a6079e507ed29f990d4d32d3919d954fc1f8ed12647
SHA512

0a7ebc96cee00924b4c872322a5753006aabf9e4af7d56ee22536cefad5f24310bc7029f9830071bd98862c1c9506bfbecfc62301cddd0ce018b8a6b03e9f710
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slRj:Olg35GTslA5t3/w8S

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  7b4a3b34a467f397a7f393d093d1f8a9_NEAS
- Size
  
  71KB
- MD5
  
  7b4a3b34a467f397a7f393d093d1f8a9
- SHA1
  
  343dbbf83fb2381e4241ec827ae25fcc29d2c805
- SHA256
  
  846bd99cdbd9b319eb473a6079e507ed29f990d4d32d3919d954fc1f8ed12647
- SHA512
  
  0a7ebc96cee00924b4c872322a5753006aabf9e4af7d56ee22536cefad5f24310bc7029f9830071bd98862c1c9506bfbecfc62301cddd0ce018b8a6b03e9f710
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8slRj:Olg35GTslA5t3/w8S
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan