fa1f813b2866e6a8e1ee6a1f0040e2e7bb5a3af33700df64c8114076212e170c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0185f302c7ce43b7f503d6a3520ed090N.exe
Size

68KB
Sample

240715-yw4m1szbqd
MD5

0185f302c7ce43b7f503d6a3520ed090
SHA1

82cf569ae648c55c90386f8ba1559dbbb9a300d0
SHA256

fa1f813b2866e6a8e1ee6a1f0040e2e7bb5a3af33700df64c8114076212e170c
SHA512

dd15ae9d0ddf385e2d131bbca36c66f95e40da21cfa0a5237109783460584218d53f544ffb0c7b6a2c2ed62746aab556a96bfa01ebabc4f5087280fa89910f81
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8NU8nK:Olg35GTslA5t3/w8NU8nK

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  0185f302c7ce43b7f503d6a3520ed090N.exe
- Size
  
  68KB
- MD5
  
  0185f302c7ce43b7f503d6a3520ed090
- SHA1
  
  82cf569ae648c55c90386f8ba1559dbbb9a300d0
- SHA256
  
  fa1f813b2866e6a8e1ee6a1f0040e2e7bb5a3af33700df64c8114076212e170c
- SHA512
  
  dd15ae9d0ddf385e2d131bbca36c66f95e40da21cfa0a5237109783460584218d53f544ffb0c7b6a2c2ed62746aab556a96bfa01ebabc4f5087280fa89910f81
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8NU8nK:Olg35GTslA5t3/w8NU8nK
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan