70bc053579dbbd5848cfb1f85fbe3b93dfeb8d4e6a5a313fedf08ae9a798f455 | Triage

Sharing

General

Target

70bc053579dbbd5848cfb1f85fbe3b93dfeb8d4e6a5a313fedf08ae9a798f455
Size

70KB
Sample

240522-2znbzscd33
MD5

8b82dcf7bd132da739ae1eb9061455a2
SHA1

768666a07b5ebc1d0cf2afe3e80ce7326b3d5c45
SHA256

70bc053579dbbd5848cfb1f85fbe3b93dfeb8d4e6a5a313fedf08ae9a798f455
SHA512

2e8326178b736ad60c56451821d634ce519fcc32fdd618f77d79f7c04a4422f870b000ae8120567284affc4cc29cbc10288293e5f6def5a1941c6a2307bb29ca
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8kr:Olg35GTslA5t3/w8u

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  70bc053579dbbd5848cfb1f85fbe3b93dfeb8d4e6a5a313fedf08ae9a798f455
- Size
  
  70KB
- MD5
  
  8b82dcf7bd132da739ae1eb9061455a2
- SHA1
  
  768666a07b5ebc1d0cf2afe3e80ce7326b3d5c45
- SHA256
  
  70bc053579dbbd5848cfb1f85fbe3b93dfeb8d4e6a5a313fedf08ae9a798f455
- SHA512
  
  2e8326178b736ad60c56451821d634ce519fcc32fdd618f77d79f7c04a4422f870b000ae8120567284affc4cc29cbc10288293e5f6def5a1941c6a2307bb29ca
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8kr:Olg35GTslA5t3/w8u
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan