8faf6a0c9fb552bf54c169741fa1575c7c9556b5aecb904fd00669a015552520 | Triage

Sharing

General

Target

8faf6a0c9fb552bf54c169741fa1575c7c9556b5aecb904fd00669a015552520
Size

71KB
Sample

240523-ankyyaee6x
MD5

de967352a245c01dfc6a3e4c1c6d2ce0
SHA1

07cd8604c96507aabf2692a6bd91410e74b7a440
SHA256

8faf6a0c9fb552bf54c169741fa1575c7c9556b5aecb904fd00669a015552520
SHA512

2132c8fb69b915d6ea4b335c7edffaaf5a9b5637ce3dcb245632d5239e79216fd06c4f10b8a62b6abec75507573c5cf071d695f7fad35dbefb52c476ff925c01
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8b2:Olg35GTslA5t3/w8b2

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  8faf6a0c9fb552bf54c169741fa1575c7c9556b5aecb904fd00669a015552520
- Size
  
  71KB
- MD5
  
  de967352a245c01dfc6a3e4c1c6d2ce0
- SHA1
  
  07cd8604c96507aabf2692a6bd91410e74b7a440
- SHA256
  
  8faf6a0c9fb552bf54c169741fa1575c7c9556b5aecb904fd00669a015552520
- SHA512
  
  2132c8fb69b915d6ea4b335c7edffaaf5a9b5637ce3dcb245632d5239e79216fd06c4f10b8a62b6abec75507573c5cf071d695f7fad35dbefb52c476ff925c01
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8b2:Olg35GTslA5t3/w8b2
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan