980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd | Triage

Submit
Reports

Overview

overview

Static

static

980f113703...dd.exe

windows7-x64

980f113703...dd.exe

windows10-2004-x64

Sharing

General

Target

980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd
Size

55KB
Sample

240603-bn9gzafd52
MD5

2fd7c86ec51e6a27e4d6ffd9103de424
SHA1

f0e030aaebbeb73d905bf0bf28d8360c135ace65
SHA256

980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd
SHA512

b9a6652eb45ecd9974f606eb0dca11ced68d5b5a0e5b73e73c0d99723b33f55284ef31a1a9e32ca93e4dacb983fc92fb3df8e0b4ee8c26ea8ecc0aa6d140e376
SSDEEP

1536:XU6JhlQvW4R8ZDW2OsdCj7VhJ/YY5rInouy8r:XRhlARSOsdwD/98out

Score

10^/10

evasion persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd.exe

Resource

win7-20240508-en

evasion persistence trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd.exe

Resource

win10v2004-20240426-en

evasion persistence trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd
- Size
  
  55KB
- MD5
  
  2fd7c86ec51e6a27e4d6ffd9103de424
- SHA1
  
  f0e030aaebbeb73d905bf0bf28d8360c135ace65
- SHA256
  
  980f1137038841d2e222313aaf80450ce810c2562cb2cde8d478ffc6d72c8ddd
- SHA512
  
  b9a6652eb45ecd9974f606eb0dca11ced68d5b5a0e5b73e73c0d99723b33f55284ef31a1a9e32ca93e4dacb983fc92fb3df8e0b4ee8c26ea8ecc0aa6d140e376
- SSDEEP
  
  1536:XU6JhlQvW4R8ZDW2OsdCj7VhJ/YY5rInouy8r:XRhlARSOsdwD/98out
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- UPX dump on OEP (original entry point)
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy