Overview

overview

10

Static

static

3

White_Rabb...ed.exe

windows7-x64

7

White_Rabb...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    White_Rabbit_Remastered.exe

  • Size

    11.9MB

  • Sample

    240527-yjllnsha24

  • MD5

    a90609eb0359754f0d8d1735285538b3

  • SHA1

    6dc4afb672f0b9460f7e6fa177fd581b73f1bdae

  • SHA256

    2125f016e5dadeaefa7f22be1dfc55cd782cb20cc518c560e93b70c41d3ca78a

  • SHA512

    1355d882c7010bd90ded63c63b4f8c6ccb25d35b035075c15de1d37af7b269d7ce666762171c64c0cfd9448c7d87831d268ffe1fc7b8e7f8b37d585f4f6b1620

  • SSDEEP

    196608:3HcAhnIqorJJhb04AxL2Vmd6+DMnNgwQ+dtLI/1q3+dgSh7kIg50W8/LakFgephP:Xnn7otHhEL2Vmd6m8Njyq3+d9h78aW8v

Score
10/10
evasionpersistencepyinstallertrojan

Malware Config

Targets

    • Target

      White_Rabbit_Remastered.exe

    • Size

      11.9MB

    • MD5

      a90609eb0359754f0d8d1735285538b3

    • SHA1

      6dc4afb672f0b9460f7e6fa177fd581b73f1bdae

    • SHA256

      2125f016e5dadeaefa7f22be1dfc55cd782cb20cc518c560e93b70c41d3ca78a

    • SHA512

      1355d882c7010bd90ded63c63b4f8c6ccb25d35b035075c15de1d37af7b269d7ce666762171c64c0cfd9448c7d87831d268ffe1fc7b8e7f8b37d585f4f6b1620

    • SSDEEP

      196608:3HcAhnIqorJJhb04AxL2Vmd6+DMnNgwQ+dtLI/1q3+dgSh7kIg50W8/LakFgephP:Xnn7otHhEL2Vmd6m8Njyq3+d9h78aW8v

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Defense Evasion

Modify Registry

2
T1112

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks