c5b0e84880d34a47115712f9400b14c14714cad8cbc4f6cc90dd8c54fc55a4a1 | Triage

Sharing

General

Target

c5b0e84880d34a47115712f9400b14c14714cad8cbc4f6cc90dd8c54fc55a4a1
Size

70KB
Sample

240523-dbqv7sbd88
MD5

267763ab56153b11459ad352dd3b8154
SHA1

f3e6ea4feb6f514f338f7e243812973186d928f7
SHA256

c5b0e84880d34a47115712f9400b14c14714cad8cbc4f6cc90dd8c54fc55a4a1
SHA512

5ce83b0e87cbc16248f580bc1820e37664c77cb4a2a20125c1b64da9e3d2026ce049e3571010c6a857239a243ddf9103794147d374968797278b40da8bd401be
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8vj:Olg35GTslA5t3/w8r

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  c5b0e84880d34a47115712f9400b14c14714cad8cbc4f6cc90dd8c54fc55a4a1
- Size
  
  70KB
- MD5
  
  267763ab56153b11459ad352dd3b8154
- SHA1
  
  f3e6ea4feb6f514f338f7e243812973186d928f7
- SHA256
  
  c5b0e84880d34a47115712f9400b14c14714cad8cbc4f6cc90dd8c54fc55a4a1
- SHA512
  
  5ce83b0e87cbc16248f580bc1820e37664c77cb4a2a20125c1b64da9e3d2026ce049e3571010c6a857239a243ddf9103794147d374968797278b40da8bd401be
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8vj:Olg35GTslA5t3/w8r
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan