Overview

overview

10

Static

static

3

da5c7f582d...d3.exe

windows7-x64

10

da5c7f582d...d3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da5c7f582d1cfdfb11807f82ca401c8b2207e9079ea46bd1b6e163d011843fd3

  • Size

    44KB

  • Sample

    240523-ea9scscg4x

  • MD5

    3466738a59b6a76f5dd7059760478764

  • SHA1

    1a722af337ea07904be6bf25ac96dbce0ed20f47

  • SHA256

    da5c7f582d1cfdfb11807f82ca401c8b2207e9079ea46bd1b6e163d011843fd3

  • SHA512

    08465ad91792436e624fa970095c00e474562424458205a8a3a70279c559024f66b077b29f2b884ed9c7f50c3aca42a985fbf85febc864f15de6b9dd2f12bbfa

  • SSDEEP

    768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvr9Vu18ys:RUNHFKQbIkHvGkA65p

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      da5c7f582d1cfdfb11807f82ca401c8b2207e9079ea46bd1b6e163d011843fd3

    • Size

      44KB

    • MD5

      3466738a59b6a76f5dd7059760478764

    • SHA1

      1a722af337ea07904be6bf25ac96dbce0ed20f47

    • SHA256

      da5c7f582d1cfdfb11807f82ca401c8b2207e9079ea46bd1b6e163d011843fd3

    • SHA512

      08465ad91792436e624fa970095c00e474562424458205a8a3a70279c559024f66b077b29f2b884ed9c7f50c3aca42a985fbf85febc864f15de6b9dd2f12bbfa

    • SSDEEP

      768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvr9Vu18ys:RUNHFKQbIkHvGkA65p

    Score
    10/10
    evasionpersistencetrojan

    • Windows security bypass

      evasiontrojan

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

5
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks