81ebbd4026784f7511aa9a86f322b61d02e5819983915e004061309d14027477 | Triage

Sharing

General

Target

81ebbd4026784f7511aa9a86f322b61d02e5819983915e004061309d14027477
Size

71KB
Sample

240522-ckxvfahb7t
MD5

77f36588402f1fabb53b174a3b606d80
SHA1

5dbfa19a58e510ba4c5728512eebf82baa4b0747
SHA256

81ebbd4026784f7511aa9a86f322b61d02e5819983915e004061309d14027477
SHA512

0e2c4045551c2558a14eeba356710cd90ab7806411f8a5a8be1d4c476fdacdccc658b43133b5290cdcdabb9d5de5cfd06f6cad37ffbc836be1977e1bea67a055
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8sl21g:Olg35GTslA5t3/w8TK

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  81ebbd4026784f7511aa9a86f322b61d02e5819983915e004061309d14027477
- Size
  
  71KB
- MD5
  
  77f36588402f1fabb53b174a3b606d80
- SHA1
  
  5dbfa19a58e510ba4c5728512eebf82baa4b0747
- SHA256
  
  81ebbd4026784f7511aa9a86f322b61d02e5819983915e004061309d14027477
- SHA512
  
  0e2c4045551c2558a14eeba356710cd90ab7806411f8a5a8be1d4c476fdacdccc658b43133b5290cdcdabb9d5de5cfd06f6cad37ffbc836be1977e1bea67a055
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8sl21g:Olg35GTslA5t3/w8TK
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan