ad75bda6376a777cc305d6789ef3abbabeff035a4d583b86a3184df1a89845a3 | Triage

Sharing

General

Target

ad75bda6376a777cc305d6789ef3abbabeff035a4d583b86a3184df1a89845a3
Size

71KB
Sample

240523-b85drahe46
MD5

5a4fe97572234e02fd245bd781bcc368
SHA1

f41130c9ca99785015e38508144ea950db6037f3
SHA256

ad75bda6376a777cc305d6789ef3abbabeff035a4d583b86a3184df1a89845a3
SHA512

37d49bbd3edf6a1f1061418a00f6f19f6a2d4699973a6d212b546b9a616b511fd61c5b09a68d76fcf7764d0c3c242eda4f55bd0fc8ace881eb3bbce4b0b797e6
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8D0:Olg35GTslA5t3/w8Q

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  ad75bda6376a777cc305d6789ef3abbabeff035a4d583b86a3184df1a89845a3
- Size
  
  71KB
- MD5
  
  5a4fe97572234e02fd245bd781bcc368
- SHA1
  
  f41130c9ca99785015e38508144ea950db6037f3
- SHA256
  
  ad75bda6376a777cc305d6789ef3abbabeff035a4d583b86a3184df1a89845a3
- SHA512
  
  37d49bbd3edf6a1f1061418a00f6f19f6a2d4699973a6d212b546b9a616b511fd61c5b09a68d76fcf7764d0c3c242eda4f55bd0fc8ace881eb3bbce4b0b797e6
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8D0:Olg35GTslA5t3/w8Q
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan