d0f5d2c34f5b3ded6ec0647f03af837579cd408a4dc5b7b98136164ab37515d4 | Triage

Sharing

General

Target

d0f5d2c34f5b3ded6ec0647f03af837579cd408a4dc5b7b98136164ab37515d4
Size

70KB
Sample

240523-dwswasca7s
MD5

68c8d7390d5835a5da8679274990bf97
SHA1

1e913a8ff85c47b5cc358dd53c5b999f3681512c
SHA256

d0f5d2c34f5b3ded6ec0647f03af837579cd408a4dc5b7b98136164ab37515d4
SHA512

a8e3bfcf99c2cf3ff908df6d3be744321271c11ca0623e402bf63c3cdc535b954aaa9b3828117e450784cc23057e4f117b595135f50b35c884f16958d8f85ddf
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw86B:Olg35GTslA5t3/w86B

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  d0f5d2c34f5b3ded6ec0647f03af837579cd408a4dc5b7b98136164ab37515d4
- Size
  
  70KB
- MD5
  
  68c8d7390d5835a5da8679274990bf97
- SHA1
  
  1e913a8ff85c47b5cc358dd53c5b999f3681512c
- SHA256
  
  d0f5d2c34f5b3ded6ec0647f03af837579cd408a4dc5b7b98136164ab37515d4
- SHA512
  
  a8e3bfcf99c2cf3ff908df6d3be744321271c11ca0623e402bf63c3cdc535b954aaa9b3828117e450784cc23057e4f117b595135f50b35c884f16958d8f85ddf
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw86B:Olg35GTslA5t3/w86B
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan